CVE-2018-1000523

Name of the Vulnerable Software and Affected Versions topydo (affected versions not specified)

Description The issue is related to improper input validation in the ListFormatParser::parse function, located in the topydo/lib/ListFormat.py file. This can lead to the injection of arbitrary bytes to the terminal, including terminal escape code sequences. The attack appears to be exploitable if the victim opens a todo.txt file with at least one specially crafted line.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.