VDB

GCVE-VVD-MAGEIA-2023-325

GCVE-VVD-MAGEIA-2023-325
Advisory Published
Vulnetix · Advisory published November 27, 2023
Updated lilypond packages fix a security vulnerability: LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageialilypond0 (affected), 2.24.2-2.mga9 (unaffected)

Aliases

CVE-2020-17354

Transitive aliases

GHSA-vm3h-24gm-v3q6GSD-2020-17354VVD-CISA-2020-17354EUVD-2020-9308

References

Updated lilypond packages fix a security vulnerability
advisory
Updated lilypond packages fix a security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›