CVE-2009-0318
gnumeric - insecure python search path
EPSS 0.07%
Description
Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
How to fix CVE-2009-0318
To remediate CVE-2009-0318, upgrade the affected package to a fixed version below.
- Debian/gnumeric—upgrade to 1.8.4-3 or later
- Debian/gnumeric—upgrade to 1.8.3-5+lenny1 or later
Is CVE-2009-0318 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.8.4-3
- from 0, < 1.8.3-5+lenny1