PT-2024-21977 · Dc2Niix+1
Bananabr · Published 2024-06-28 · Updated 2024-08-01 · CVE-2024-27629
| CVSS v3.1 | 7.8 High |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
dc2niix versions prior to 1.0.20240202
Description
The issue allows a local attacker to execute arbitrary code via a generated file name that is not properly escaped and injected into a system call when certain types of compression are used.
Recommendations
For versions prior to 1.0.20240202, update to version 1.0.20240202 or later to resolve the issue.
Fix
Improper Encoding or Escaping of Output
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Dc2Niix