CVE-2020-25266

AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it.
References
Link Resource
https://github.com/refi64/CVE-2020-25265-25266 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:appimage:appimaged:*:*:*:*:*:*:*:*

Information

Published : 2020-12-02 05:15

Updated : 2020-12-07 02:07


NVD link : CVE-2020-25266

Mitre link : CVE-2020-25266

Products Affected
No products.
CWE
CWE-494

Download of Code Without Integrity Check