{"id":"CVE-2021-28927","details":"The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access to filesystems that are used by RetroArch to execute code via command injection using specially crafted file and directory names.","modified":"2026-03-15T22:40:24.742967Z","published":"2021-04-07T15:15:13.623Z","references":[{"type":"ADVISORY","url":"http://retroarch.com"},{"type":"FIX","url":"https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c"},{"type":"EVIDENCE","url":"http://libretro.com"},{"type":"EVIDENCE","url":"https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libretro/retroarch","events":[{"introduced":"5e551dd92b79d8127e66939835ea3c2a140c4078"},{"last_affected":"c226bd87f47b3fdec642216fcaf6edc651e30eb4"}],"database_specific":{"versions":[{"introduced":"1.9.0"},{"last_affected":"1.9.4"}]}}],"versions":["v1.9.0","v1.9.1","v1.9.2","v1.9.3","v1.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28927.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}