How severe is CVE-2023-39342?

This vulnerability has a severity rating of LOW with a CVSS score of 3.6 out of 10.

What type of vulnerability is CVE-2023-39342?

This is classified as CWE-150, which is a common weakness in software security.

CVE-2023-39342 - LOW Severity | CVSS 3.6

Vulnerability Description

Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is compromised and can return attacker-controlled strings, then the attacker may be able to spoof messages in the user's terminal or change the window title. Besides logging output from containers, it also logs the names of the files it sanitizes. If these files contain ANSI escape sequences, then the same issue applies. Dangerzone is predominantly a GUI application, so this issue should leave most of our users unaffected. Nevertheless, we always suggest updating to the newest version. This issue is fixed in Dangerzone 0.4.2.

Related Vulnerabilities

CVE-2025-1693

LOW

CVSS:3.9(Low)

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may resu...

CWE-1502025

CVE-2024-28085

LOW

CVSS:3.3(Low)

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from s...

CWE-1502024

CVE-2021-25743

LOW

CVSS:3.0(Low)

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as ...

CWE-1502021

CVE-2024-43785

LOW

CVSS:2.5(Low)

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspa...

CWE-1502024

CVE-2024-58251

LOW

CVSS:2.5(Low)

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) whe...

CWE-1502024

CVE-2025-30089

MEDIUM

CVSS:5.4(Medium)

gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.

CWE-1502025