{"id":"UBUNTU-CVE-2018-20167","details":"Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe \"cat README.md\" command when \\e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.","modified":"2025-10-24T04:47:17Z","published":"2018-12-17T05:29:00Z","upstream":["CVE-2018-20167"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20167"},{"type":"REPORT","url":"https://phab.enlightenment.org/T7504"},{"type":"REPORT","url":"https://git.enlightenment.org/apps/terminology.git/commit/?id=1ac204da9148e7bccb1b5f34b523e2094dfc39e2"},{"type":"REPORT","url":"https://phab.enlightenment.org/rTRM1ac204da9148e7bccb1b5f34b523e2094dfc39e2"},{"type":"REPORT","url":"https://www.enlightenment.org/news/2018-12-16-terminology-1.3.1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-20167"}],"affected":[{"package":{"name":"terminology","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/terminology@0.7.0-1+deb8u1build0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.0-1","0.7.0-1+deb8u1build0.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"terminology","binary_version":"0.7.0-1+deb8u1build0.16.04.1"},{"binary_name":"terminology-data","binary_version":"0.7.0-1+deb8u1build0.16.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-20167.json"}},{"package":{"name":"terminology","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/terminology@0.9.1-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.9.1-1"],"ecosystem_specific":{"binaries":[{"binary_name":"terminology","binary_version":"0.9.1-1"},{"binary_name":"terminology-data","binary_version":"0.9.1-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-20167.json"}},{"package":{"name":"terminology","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/terminology@1.6.0-2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.2-1build1","1.6.0-2"],"ecosystem_specific":{"binaries":[{"binary_name":"terminology","binary_version":"1.6.0-2"},{"binary_name":"terminology-data","binary_version":"1.6.0-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-20167.json"}},{"package":{"name":"terminology","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/terminology@1.12.1-1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.9.0-2","1.10.0-1","1.11.0-1","1.12.1-1"],"ecosystem_specific":{"binaries":[{"binary_name":"terminology","binary_version":"1.12.1-1"},{"binary_name":"terminology-data","binary_version":"1.12.1-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-20167.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}