Name of the Vulnerable Software and Affected Versions FontManager (affected versions not specified)

Description The issue arises from an unsafe use of string concatenation in a shell string within FontManager. This allows an attacker to execute any shell command on the remote system if they are permitted to choose the font and an image is outputted. The name variable, which is injected from the FontManager constructor invoked by ImageFormatter from options, is the source of the vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.