Key Information on Vulnerability Vulnerability Identifier: GLSA 201709-07 Affected Packages: dev-libs/kpathsea on all architectures - Affected Versions: = 6.2.2_p20160523 Release Date: September 17, 2017 Severity: Normal Exploitability: Remote Description A vulnerability in Kpathsea that can be exploited by remote attackers. The flaw lies in which can execute arbitrary external programs during the conversion of files. Essentially allows user-assisted execution of arbitrary code due to the function in . Impact Remote attackers could exploit this by enticing a user to open a crafted file. This might result in execution of arbitrary code with the process's privileges. Resolution Users should upgrade Kpathsea to the latest version: References CVE-2016-10243