Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters.
This issue is fixed in version 1.3.311.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Getgreenshot Greenshot
cpe:2.3:a:getgreenshot:greenshot:*:*:*:*:*:*:*:*
|
— |
1.3.311
|
References 3
https://github.com/greenshot/greenshot/commit/5dedd5c9f0a9896fa0af1d4980d875a48…
security-advisories@github.com
https://github.com/greenshot/greenshot/releases/tag/v1.3.311
security-advisories@github.com
https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj
security-advisories@github.com