CVE-2017-10708

Name of the Vulnerable Software and Affected Versions Apport versions prior to 2.20.x

Description An issue in Apport allows remote attackers to execute arbitrary code via a crafted .crash file. The issue arises from Apport's handling of the ExecutablePath field in apport/report.py, where it fails to protect against path traversal when running package-specific hooks.

Recommendations For Apport versions prior to 2.20.x, consider restricting access to the report.py module to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using Apport to process untrusted .crash files.