CVE-2014-9622

EPSS 1.7%

xdg-utils - security update

Published: 1/21/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-9622

Description

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

Affected packages (3)

Debian/xdg-utilsfrom 0, < 1.1.0~rc1+git20111210-7.3
Debian/xdg-utilsfrom 0, < 1.0.2+cvs20100307-2+deb6u1
Debian/xdg-utilsfrom 0, < 1.1.0~rc1+git20111210-6+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9622