LilyPond · LilyPond · CVE-2020-17353
**Name of the Vulnerable Software and Affected Versions**
LilyPond versions 2.20.0 and earlier
LilyPond versions 2.21.x through 2.21.4
**Description**
LilyPond lacks restrictions on embedded-ps and embedded-svg when the -dsafe option is used. An attacker can exploit this by including dangerous PostScript code, potentially executing arbitrary code.
**Recommendations**
For LilyPond versions 2.20.0 and earlier, consider disabling the use of embedded-ps and embedded-svg until a patch is available.
For LilyPond versions 2.21.x through 2.21.4, restrict the use of embedded-ps and embedded-svg to minimize the risk of exploitation.
As a temporary workaround, avoid using the -dsafe option with embedded-ps and embedded-svg until the issue is resolved.
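
One way to enforce the restriction on embedded-ps and embedded-svg for untrusted input, as an added example that is not part of the original advisory or LilyPond's own code: a pre-render check that rejects any source mentioning either name and lists `\include` targets that need the same check. The function name, the reject-on-any-hit policy and the sample input are assumptions.

```python
import re
from typing import NamedTuple

# The two names the advisory says -dsafe fails to restrict.
RISKY_NAMES = ("embedded-ps", "embedded-svg")

# Whole-symbol match: "embedded-ps" but not "embedded-psx" or "my-embedded-ps".
_RISKY = re.compile(
    r"(?<![A-Za-z0-9_-])("
    + "|".join(re.escape(n) for n in RISKY_NAMES)
    + r")(?![A-Za-z0-9_-])"
)
# \include "file" pulls in another source that must pass the same gate.
_INCLUDE = re.compile(r'\\include\s*"([^"]+)"')


class ScanResult(NamedTuple):
    hits: list      # (line_number, name) for each risky symbol found
    includes: list  # (line_number, path) for each \include target

    @property
    def allowed(self):
        # Policy (assumption): any hit rejects the file outright.
        return not self.hits


def scan_lilypond_source(text):
    """Scan untrusted LilyPond source text before it reaches the renderer.

    Comments and strings are deliberately NOT skipped: a scanner that
    tokenizes differently from LilyPond could be steered into ignoring
    live code, so every textual occurrence counts.
    """
    hits, includes = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits += [(lineno, m.group(1)) for m in _RISKY.finditer(line)]
        includes += [(lineno, m.group(1)) for m in _INCLUDE.finditer(line)]
    return ScanResult(hits, includes)


# Constructed sample input; the string body is a harmless placeholder.
SAMPLE = r"""\version "2.20.0"
\include "parts/violin.ly"
#(define stub (list 'embedded-ps "% placeholder"))
{ c'4 d' e' f' }
"""

if __name__ == "__main__":
    result = scan_lilypond_source(SAMPLE)
    print("allowed:", result.allowed, result.hits, result.includes)
```

A textual match is a coarse intake gate and does not replace isolating the renderer process.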