gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
| Software | From | Fixed in |
|---|---|---|
| pedro_castro / gnome-subtitles | 1.0 | 1.0.x |