CVE-2016-10081

Name of the Vulnerable Software and Affected Versions Shutter versions 0.93.1 and earlier

Description The issue allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. This is related to the /usr/bin/shutter component.

Recommendations For Shutter versions 0.93.1 and earlier, as a temporary workaround, consider restricting the use of the "Run a plugin" action until a patch is available. Avoid using crafted image names in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.