VDB
GCVE-110-MAGEIA-2018-278
GCVE-110-MAGEIA-2018-278
Advisory Published
Updated scummvm package fixes security vulnerability
ScummVM 1.8.1's POSIX backend does not validate strings before launching the
program specified by the BROWSER environment variable, which might allow remote
attackers to conduct argument-injection attacks via a crafted URL
(CVE-2017-17528).
This update fixes it, and updates ScummVM to the latest 2.0.0 upstream release,
adding support for 23 new games, and several bug fixes.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | scummvm | 2.0.0-1.mga6 (unaffected), 0 (affected) | — |
Aliases
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.