CVE-2020-17354
- Source
- https://cve.org/CVERecord?id=CVE-2020-17354
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17354.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-17354
- Downstream
- Related
- Published
- 2023-04-15T22:15:06.913Z
- Modified
- 2026-04-16T00:03:35.813362718Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.
- References
-
- https://lilypond.org/download.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K43PF6VGFJNNGAPY57BW3VMEFFOSMRLF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ST5BLLQ4GDME3SN7UE5OMNE5GZE66X4Y/
- http://lilypond.org/doc/v2.18/Documentation/usage/command_002dline-usage
- https://tracker.debian.org/news/1249694/accepted-lilypond-2221-1-source-into-unstable/
- https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
- https://gitlab.com/lilypond/lilypond/-/merge_requests/1522
- https://phabricator.wikimedia.org/T259210
Affected packages
Git / github.com/lilypond/lilypond
Affected ranges
- Type
- GIT
- Repo
- https://github.com/lilypond/lilypond
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": "cpe:2.3:a:lilypond:lilypond:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "fixed": "2.24.0" } ] }
Affected versions
Other
branch_2_0
commit_to_build
cvs/HEAD
cvs/start
git/start
pre-paper-layout
tarball/HEAD
tarball/start
release/0.*
release/0.0.1
release/0.0.10
release/0.0.11
release/0.0.13
release/0.0.14
release/0.0.15
release/0.0.16
release/0.0.17
release/0.0.18
release/0.0.19
release/0.0.2
release/0.0.20
release/0.0.21
release/0.0.22
release/0.0.23
release/0.0.24
release/0.0.25
release/0.0.26
release/0.0.27
release/0.0.28
release/0.0.29
release/0.0.3
release/0.0.30
release/0.0.31
release/0.0.32
release/0.0.33
release/0.0.34
release/0.0.35
release/0.0.36
release/0.0.37
release/0.0.38
release/0.0.39-1
release/0.0.4
release/0.0.40
release/0.0.41
release/0.0.42
release/0.0.42.pre3
release/0.0.43
release/0.0.44
release/0.0.45
release/0.0.46.jcn1
release/0.0.47
release/0.0.49
release/0.0.5
release/0.0.50
release/0.0.51
release/0.0.52
release/0.0.53
release/0.0.54
release/0.0.55
release/0.0.56
release/0.0.57
release/0.0.58
release/0.0.59
release/0.0.6
release/0.0.60
release/0.0.61
release/0.0.62
release/0.0.63
release/0.0.64
release/0.0.65
release/0.0.66
release/0.0.67
release/0.0.68pre
release/0.0.7
release/0.0.70pre
release/0.0.71pre
release/0.0.72pre
release/0.0.73pre
release/0.0.74pre
release/0.0.75
release/0.0.76
release/0.0.77.jcn1
release/0.0.78
release/0.0.8
release/0.0.9
release/0.1.0
release/0.1.1
release/0.1.10
release/0.1.11
release/0.1.12
release/0.1.13
release/0.1.14
release/0.1.15
release/0.1.16
release/0.1.17
release/0.1.18
release/0.1.19
release/0.1.20
release/0.1.21
release/0.1.22
release/0.1.23
release/0.1.24
release/0.1.25
release/0.1.26
release/0.1.27
release/0.1.28
release/0.1.29
release/0.1.30
release/0.1.31
release/0.1.32
release/0.1.33
release/0.1.34
release/0.1.35
release/0.1.36
release/0.1.37
release/0.1.38
release/0.1.39
release/0.1.41
release/0.1.42
release/0.1.43
release/0.1.44
release/0.1.45
release/0.1.46
release/0.1.47
release/0.1.48
release/0.1.49
release/0.1.50
release/0.1.51
release/0.1.52
release/0.1.53
release/0.1.54
release/0.1.55
release/0.1.56
release/0.1.57
release/0.1.58
release/0.1.59
release/0.1.60
release/0.1.61
release/0.1.62
release/0.1.63
release/0.1.64
release/0.1.65
release/0.1.7
release/0.1.8
release/0.1.9
release/1.*
release/1.0.1
release/1.0.10
release/1.0.11
release/1.0.12
release/1.0.13
release/1.0.14
release/1.0.15
release/1.0.16
release/1.0.17
release/1.0.2
release/1.0.3
release/1.0.4
release/1.0.6
release/1.0.7
release/1.0.8
release/1.0.9
release/1.1.0
release/1.1.1
release/1.1.10
release/1.1.13
release/1.1.14
release/1.1.15
release/1.1.16
release/1.1.17
release/1.1.18
release/1.1.19
release/1.1.2
release/1.1.20
release/1.1.21
release/1.1.22
release/1.1.23
release/1.1.24
release/1.1.25
release/1.1.26
release/1.1.27
release/1.1.28
release/1.1.29
release/1.1.3
release/1.1.30
release/1.1.31
release/1.1.32
release/1.1.33
release/1.1.34
release/1.1.35
release/1.1.36
release/1.1.37
release/1.1.38
release/1.1.39
release/1.1.4
release/1.1.40
release/1.1.41
release/1.1.42
release/1.1.43
release/1.1.44
release/1.1.45
release/1.1.46
release/1.1.47
release/1.1.48
release/1.1.49
release/1.1.5
release/1.1.50
release/1.1.51
release/1.1.52
release/1.1.53
release/1.1.54
release/1.1.55
release/1.1.56
release/1.1.57
release/1.1.58
release/1.1.59
release/1.1.6
release/1.1.60
release/1.1.61
release/1.1.62
release/1.1.63
release/1.1.64
release/1.1.65
release/1.1.66
release/1.1.67
release/1.1.68
release/1.1.69
release/1.1.7
release/1.1.8
release/1.1.9
release/1.2.0
release/1.2.1
release/1.2.10
release/1.2.11
release/1.2.12
release/1.2.13
release/1.2.14
release/1.2.15
release/1.2.2
release/1.2.3
release/1.2.4
release/1.2.5
release/1.2.6
release/1.2.7
release/1.2.8
release/1.2.9
release/1.3.0
release/1.3.1
release/1.3.10
release/1.3.100
release/1.3.101
release/1.3.102
release/1.3.103
release/1.3.104
release/1.3.105
release/1.3.106
release/1.3.107
release/1.3.108
release/1.3.109
release/1.3.11
release/1.3.110
release/1.3.111
release/1.3.112
release/1.3.113
release/1.3.114
release/1.3.115
release/1.3.116
release/1.3.117
release/1.3.118
release/1.3.119
release/1.3.12
release/1.3.120
release/1.3.121
release/1.3.122
release/1.3.123
release/1.3.124
release/1.3.125
release/1.3.126
release/1.3.127
release/1.3.128
release/1.3.129
release/1.3.13
release/1.3.130
release/1.3.131
release/1.3.132
release/1.3.133
release/1.3.134
release/1.3.135
release/1.3.136
release/1.3.137
release/1.3.138
release/1.3.139
release/1.3.14
release/1.3.140
release/1.3.141
release/1.3.142
release/1.3.143
release/1.3.144
release/1.3.145
release/1.3.146
release/1.3.147
release/1.3.148
release/1.3.149
release/1.3.15
release/1.3.150
release/1.3.151
release/1.3.152
release/1.3.153
release/1.3.154
release/1.3.16
release/1.3.17
release/1.3.18
release/1.3.19
release/1.3.2
release/1.3.20
release/1.3.21
release/1.3.22
release/1.3.23
release/1.3.24
release/1.3.25
release/1.3.26
release/1.3.27
release/1.3.28
release/1.3.29
release/1.3.3
release/1.3.30
release/1.3.31
release/1.3.32
release/1.3.33
release/1.3.34
release/1.3.35
release/1.3.36
release/1.3.37
release/1.3.38
release/1.3.39
release/1.3.4
release/1.3.40
release/1.3.41
release/1.3.42
release/1.3.43
release/1.3.44
release/1.3.45
release/1.3.46
release/1.3.47
release/1.3.48
release/1.3.49
release/1.3.5
release/1.3.50
release/1.3.51
release/1.3.52
release/1.3.53
release/1.3.54
release/1.3.55
release/1.3.56
release/1.3.57
release/1.3.58
release/1.3.59
release/1.3.6
release/1.3.60
release/1.3.61
release/1.3.62
release/1.3.63
release/1.3.64
release/1.3.65
release/1.3.66
release/1.3.67
release/1.3.68
release/1.3.69
release/1.3.7
release/1.3.70
release/1.3.71
release/1.3.72
release/1.3.73
release/1.3.74
release/1.3.75
release/1.3.76
release/1.3.77
release/1.3.78
release/1.3.79
release/1.3.8
release/1.3.80
release/1.3.81
release/1.3.82
release/1.3.83
release/1.3.84
release/1.3.85
release/1.3.86
release/1.3.87
release/1.3.88
release/1.3.89
release/1.3.9
release/1.3.90
release/1.3.91
release/1.3.92
release/1.3.93
release/1.3.94
release/1.3.95
release/1.3.96
release/1.3.97
release/1.3.98
release/1.3.99
release/1.4.0
release/1.4.1
release/1.4.2
release/1.4.3
release/1.4.4
release/1.5.0
release/1.5.1
release/1.5.10
release/1.5.11
release/1.5.12
release/1.5.13
release/1.5.14
release/1.5.15
release/1.5.16
release/1.5.17
release/1.5.18
release/1.5.19
release/1.5.2
release/1.5.20
release/1.5.21
release/1.5.22
release/1.5.23
release/1.5.24
release/1.5.25
release/1.5.26
release/1.5.27
release/1.5.28
release/1.5.29
release/1.5.3
release/1.5.30
release/1.5.31
release/1.5.32
release/1.5.33
release/1.5.34
release/1.5.35
release/1.5.36
release/1.5.37
release/1.5.38
release/1.5.39
release/1.5.4
release/1.5.40
release/1.5.41
release/1.5.42
release/1.5.43
release/1.5.44
release/1.5.45
release/1.5.46
release/1.5.47
release/1.5.48
release/1.5.49
release/1.5.5
release/1.5.50
release/1.5.51
release/1.5.52
release/1.5.53
release/1.5.54
release/1.5.55
release/1.5.56
release/1.5.57
release/1.5.58
release/1.5.6
release/1.5.61
release/1.5.62
release/1.5.63
release/1.5.64
release/1.5.65
release/1.5.66
release/1.5.67
release/1.5.68
release/1.5.69
release/1.5.7
release/1.5.70
release/1.5.72
release/1.5.73
release/1.5.74
release/1.5.8
release/1.5.9
release/1.6.0
release/1.7.0
release/1.7.1
release/1.7.10
release/1.7.11
release/1.7.12
release/1.7.13
release/1.7.14
release/1.7.15
release/1.7.16
release/1.7.17
release/1.7.18
release/1.7.2
release/1.7.20
release/1.7.21
release/1.7.22
release/1.7.23
release/1.7.24
release/1.7.26
release/1.7.27
release/1.7.3
release/1.7.30
release/1.7.4
release/1.7.5
release/1.7.6
release/1.7.7
release/1.7.8
release/1.7.9
release/1.8.0
release/1.9.0
release/1.9.1
release/1.9.10
release/1.9.2
release/1.9.6
release/1.9.7
release/1.9.8
release/1.9.9
release/2.*
release/2.0.0
release/2.0.1
release/2.1.0
release/2.1.23
release/2.1.24
release/2.1.25
release/2.1.26
release/2.1.28
release/2.1.29
release/2.1.30
release/2.1.31
release/2.1.32
release/2.1.33
release/2.1.34
release/2.1.35
release/2.1.37
release/2.11.0-1
release/2.11.1-1
release/2.11.12-1
release/2.11.13-1
release/2.11.14-1
release/2.11.14-2
release/2.11.15-1
release/2.11.15-2
release/2.11.16-1
release/2.11.17-1
release/2.11.18-1
release/2.11.19-1
release/2.11.2-1
release/2.11.20-1
release/2.11.22-1
release/2.11.23-1
release/2.11.24-1
release/2.11.24-2
release/2.11.25-1
release/2.11.26-1
release/2.11.30-1
release/2.11.31-1
release/2.11.33-1
release/2.11.37-1
release/2.11.4-1
release/2.11.44-1
release/2.11.48-1
release/2.11.49-1
release/2.11.51-1
release/2.11.52-1
release/2.11.53-1
release/2.11.53-2
release/2.11.55-2
release/2.11.58-1
release/2.11.58-2
release/2.11.58-3
release/2.11.6-1
release/2.11.60-1
release/2.11.63-1
release/2.11.7-1
release/2.12.2-1
release/2.13.0-0
release/2.13.1-0
release/2.13.10-1
release/2.13.12-1
release/2.13.13-1
release/2.13.14-1
release/2.13.2-0
release/2.13.23-1
release/2.13.25-1
release/2.13.26-1
release/2.13.3-0
release/2.13.4-1
release/2.13.40-1
release/2.13.42-1
release/2.13.43-1
release/2.13.45-1
release/2.13.46-1
release/2.13.5-0
release/2.13.6-1
release/2.13.7-0
release/2.13.7-1
release/2.13.8-1
release/2.13.9-1
release/2.15.15-1
release/2.15.16-1
release/2.15.17-1
release/2.15.18-1
release/2.15.19-1
release/2.15.20-1
release/2.15.21-1
release/2.15.23-1
release/2.15.24-1
release/2.15.26-1
release/2.15.32-1
release/2.15.33-1
release/2.15.35-1
release/2.15.38-1
release/2.15.39-1
release/2.15.41-1
release/2.15.5-1
release/2.15.6-1
release/2.15.95-1
release/2.17.28-1
release/2.17.29-1
release/2.17.3-1
release/2.17.4-1
release/2.17.5-1
release/2.17.5-2
release/2.17.6-1
release/2.17.7-1
release/2.17.8-1
release/2.17.9-1
release/2.19.20-1
release/2.19.22-1
release/2.19.23-1
release/2.19.24-1
release/2.19.51-1
release/2.19.52-1
release/2.19.56-1
release/2.19.57-1
release/2.19.64-1
release/2.19.65-1
release/2.2.0
release/2.21.2-1
release/2.21.3-1
release/2.23.0-1
release/2.23.3-1
release/2.23.5-1
release/2.3.0
release/2.3.1
release/2.3.10
release/2.3.11
release/2.3.13
release/2.3.14
release/2.3.15
release/2.3.16
release/2.3.17
release/2.3.18
release/2.3.19
release/2.3.2
release/2.3.20
release/2.3.21
release/2.3.22
release/2.3.23
release/2.3.25
release/2.3.3
release/2.3.4
release/2.3.5
release/2.3.6
release/2.3.7
release/2.3.8
release/2.5.14
release/2.5.15
release/2.5.16
release/2.5.17
release/2.5.18
release/2.5.19
release/2.5.20
release/2.5.21
release/2.5.22
release/2.5.24
release/2.5.25
release/2.5.26
release/2.5.27
release/2.5.28
release/2.5.29
release/2.5.30
release/2.5.31
release/2.6.0
release/2.7.0
release/2.7.1
release/2.7.10
release/2.7.11
release/2.7.12
release/2.7.13
release/2.7.14
release/2.7.15
release/2.7.17
release/2.7.18
release/2.7.19
release/2.7.21
release/2.7.22
release/2.7.23
release/2.7.24
release/2.7.25
release/2.7.26
release/2.7.27
release/2.7.28
release/2.7.29
release/2.7.3
release/2.7.30
release/2.7.31
release/2.7.32
release/2.7.34
release/2.7.35
release/2.7.36
release/2.7.37
release/2.7.39
release/2.7.4
release/2.7.40
release/2.7.5
release/2.7.6
release/2.7.7
release/2.7.8
release/2.7.9
release/2.9.0
release/2.9.1
release/2.9.2
release/2.9.3
release/2.9.4
release/2.9.5
release/2.9.6
release/2.9.7
v2.*
v2.23.80
v2.23.81
v2.23.82