CVE-2021-28927
HIGH
libretro RetroArch 1.9.0-1.9.4 - OS Command Injection via Text-to-Speech Engine
Title source: llmDescription
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access to filesystems used by RetroArch to execute code via command injection using specially crafted file and directory names.
References (4)
Core References
Exploit, Vendor Advisory x_refsource_misc
http://libretro.com
Product, Vendor Advisory x_refsource_misc
http://retroarch.com
Patch, Third Party Advisory x_refsource_misc
https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c
Exploit, Third Party Advisory x_refsource_misc
https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0
Scores
CVSS v3
7.8
EPSS
0.0150
EPSS Percentile
71.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
libretro/retroarch
1.9.0 - 1.9.4
Published
Apr 07, 2021
Tracked Since
Feb 18, 2026