OpenBSD photurisd Format String Arbitrary Command Execution
Local Access Required,
Local / Remote,
Loss of Integrity
photurisd in OpenBSD contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to a configuration file directory name that contains formatting characters, which could allow a malicious user to execute arbitrary code, resulting in a loss of integrity.
Upgrade to version 2.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.