comix
Page content
- Vulnerable: 3.6.4-1
- Unaffected: 3.6.4-2kalgan1
A vulnerability has been reported in Comix, which can be exploited by malicious people to compromise a user’s sytem. The vulnerability is caused due to the improper verification of received filenames when executing the rar, unrar, or jpegtran programs. This can be exploited to execute arbitrary commands via a file containing shell metacharacters within the filename.
- Bug Tracker URL: http://bugs.frugalware.org/task/2923