VDB
GCVE-110-MAGEIA-2015-478
GCVE-110-MAGEIA-2015-478
Advisory Published
An unsafe use of string concatenation in a shell string occurs in FontManager.
If the developer allows the attacker to choose the font and outputs an image,
the attacker can execute any shell command on the remote system. The name
variable injected comes from the constructor of FontManager, which is invoked
by ImageFormatter from options (CVE-2015-8557, rhbz#1276321).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-pygments | 0 (affected), 1.6-9.1.mga5 (unaffected) | — |
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.