PT-2017-14833 · Lilypond · Lilypond

Gabriel Corona · Published 2017-12-11 · Updated 2018-10-26 · CVE-2017-17523

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LilyPond versions prior to 2.19.80

Description

LilyPond does not validate strings before launching the program specified by the BROWSER environment variable. This allows remote attackers to conduct argument-injection attacks via a crafted URL, for example by using the --proxy-pac-file argument.

Recommendations

For versions prior to 2.19.80, update to version 2.19.80 or later to resolve the issue. As a temporary workaround, consider restricting the use of the BROWSER environment variable to minimize the risk of exploitation.
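
The missing check from the description, as an added Python example (not LilyPond's code and not the upstream fix): the URL is validated and handed to the BROWSER program as a single argv element, next to the word-splitting behaviour that makes the injection possible. The function names, the scheme allowlist, the sample URLs and the treatment of BROWSER as one command with an optional `%s` placeholder are assumptions of this example.

```python
import shlex
from urllib.parse import urlsplit

# Assumption of this example: the schemes a documentation viewer needs.
ALLOWED_SCHEMES = {"http", "https", "file"}

# Constructed sample input: a URL carrying the extra argument named in the advisory.
CRAFTED = "http://example.invalid/ --proxy-pac-file=http://example.invalid/p.pac"


def naive_argv(browser, url):
    """What a launcher that pastes the URL into a command string ends up running."""
    return shlex.split(f"{browser} {url}")


def validate_url(url):
    """Return url if it can only ever be one positional argument, else raise ValueError."""
    if not url or url.startswith("-"):
        raise ValueError("URL is empty or would be parsed as an option")
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("URL contains whitespace or control characters")
    if urlsplit(url).scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError("URL scheme is not allowed")
    return url


def build_browser_argv(browser, url):
    """Build an argv list for subprocess.run(argv) with no shell involved."""
    url = validate_url(url)
    argv = shlex.split(browser)  # only the trusted BROWSER value is word-split
    if not argv:
        raise ValueError("BROWSER is empty")
    if any("%s" in part for part in argv):
        return [part.replace("%s", url) for part in argv]
    return argv + [url]


if __name__ == "__main__":
    print("naive   :", naive_argv("firefox", CRAFTED))
    try:
        build_browser_argv("firefox", CRAFTED)
    except ValueError as err:
        print("hardened: rejected:", err)
    print("hardened:", build_browser_argv("firefox %s", "https://example.invalid/doc/"))
```
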

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2017-17523
MGASA-2018-0412

Affected Products

Lilypond