CVE-2020-17353

Published: 2020-08-05T14:15Z

Last Modified: 2024-11-21T05:07Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt