alsa-project/alsa-lib issue #365 was opened from szsam:

The value of the first argument of dlopen() may come from getenv. Using externally controlled strings in a process operation can allow an attacker to execute malicious commands.

https://github.com/alsa-project/alsa-lib/blob/ed6b07084bfea4155bbc98bcf38508... https://github.com/alsa-project/alsa-lib/blob/ed6b07084bfea4155bbc98bcf38508...

Issue URL : https://github.com/alsa-project/alsa-lib/issues/365 Repository URL: https://github.com/alsa-project/alsa-lib