CVE-2022-27811

moderate-risk
Published 2022-03-24

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.

Do I need to act?

~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 20811c666c4af2f0a75e3caa5b21722fbeb8d918, 5286120c8bc8b7ba74e0f9b19b5262b509f38cee
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Ocrfeeder

Affected Vendors

Gnome

References (6)

Patch https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/5286120c8bc8b7ba74e0f9b19b5262...
Exploit https://gitlab.gnome.org/GNOME/ocrfeeder/-/issues/20
Issue Tracking https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13
Patch https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/5286120c8bc8b7ba74e0f9b19b5262...
Exploit https://gitlab.gnome.org/GNOME/ocrfeeder/-/issues/20
Issue Tracking https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal