PT-2020-7579 · Libnotify · Libnotify

Published: 2020-02-12 · Updated: 2020-08-31 · CVE-2013-7381

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libnotify versions 1.0.3 and earlier

Description

The issue allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify(). This is a result of a shell command injection vulnerability, where untrusted input passed into libnotify.notify() could result in the execution of shell commands. The callers of libnotify.notify() may be unaware of this risk.

Recommendations

Update to version 1.0.4 or greater. As a temporary workaround, consider validating and sanitizing any user input before passing it to libnotify.notify() to minimize the risk of exploitation. Restrict access to the libnotify.notify() function until the issue is resolved by updating to a secure version.
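
The temporary workaround above, sketched as an added example (not code from libnotify or from this advisory): an allowlist check applied to untrusted text before it reaches libnotify.notify(). The names `sanitizeNotifyText` and `checkNotifyText`, the allowed character set and the length limit are assumptions; because the advisory does not say which characters trigger the issue, the check admits only a known-safe set instead of trying to block specific ones.

```javascript
'use strict';

// Assumption: letters, digits, spaces and a little punctuation are enough for
// notification text. Anything else (quotes, backticks, $, ;, |, &, <, >,
// backslashes, newlines, control characters) is rejected, not escaped.
const ALLOWED = /^[\p{L}\p{N} .,:!?()_-]+$/u;
const MAX_LEN = 256; // assumed upper bound for a notification string

// Returns the normalized text or throws. Callers must pass the RETURNED value
// (not the original input) on to libnotify.notify().
function sanitizeNotifyText(input) {
  if (typeof input !== 'string') {
    throw new TypeError('notification text must be a string');
  }
  // NFKC folds look-alike forms (e.g. fullwidth punctuation) to their ASCII
  // equivalents first, so the allowlist is applied to the folded form.
  const text = input.normalize('NFKC').trim();
  if (text.length === 0 || text.length > MAX_LEN) {
    throw new RangeError('notification text is empty or too long');
  }
  if (!ALLOWED.test(text)) {
    throw new Error('notification text contains characters outside the allowlist');
  }
  return text;
}

// Non-throwing variant so rejected input can be logged and dropped.
function checkNotifyText(input) {
  try {
    return { ok: true, value: sanitizeNotifyText(input) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs (not taken from the advisory).
const samples = ['Build 42 finished: OK', 'a;b', 'a`b', 'x\ny', 'a\uFF1Bb', ''];
for (const s of samples) {
  console.log(JSON.stringify(s), checkNotifyText(s));
}
```

Rejecting rather than escaping keeps the wrapper independent of how the vulnerable versions build their command; it narrows exposure until the update to 1.0.4 or greater is in place.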

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2013-7381
GHSA-6898-WX94-8JQ8

Affected Products

Libnotify