CVE-2017-16926

Name of the Vulnerable Software and Affected Versions Ohcount version 3.0.0

Description The issue is related to a lack of input data sanitization, which can be exploited by an attacker providing a source tree for Ohcount processing to execute arbitrary code as the user running Ohcount. This can be achieved through specially crafted filenames containing shell metacharacters.

Recommendations For Ohcount version 3.0.0, consider validating and sanitizing filenames before processing to prevent command injection attacks. As a temporary workaround, restrict the use of Ohcount to trusted sources and avoid using it with unverified input data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.