Description
speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Tyler Spivey · textlocalunix
https://www.exploit-db.com/exploits/21108
References (4)
Core 4
Core References
Exploit, Patch mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-09/0089.html
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3326
Vendor Advisory x_refsource_confirm
http://www.speechio.org/speechd.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7121
Scores
EPSS
0.0116
EPSS Percentile
78.7%
Details
Status
published
Products (1)
speechio/speechd
< 0.54
Published
Sep 11, 2001
Tracked Since
Feb 18, 2026