CVE-2010-2246 Information

Description

feh before 1.8 when the –wget-timestamp option is enabled might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Reference

http://derf.homelinux.org/git/feh/plain/ChangeLog http://openwall.com/lists/oss-security/2010/06/25/4 http://openwall.com/lists/oss-security/2010/06/28/4 http://www.securityfocus.com/bid/41161