CVE-2017-17526

HIGH

Giac 1.2.3.57 - Argument Injection via BROWSER Environment Variable

Title source: llm

Description

Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

References (1)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2017-17526

Scores

CVSS v3 8.8
EPSS 0.0122
EPSS Percentile 64.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-74
Status published
Products (1)
giac_project/giac 1.2.3.57
Published Dec 14, 2017
Tracked Since Feb 18, 2026