HIGH
Gpgtools
CVE published 2017-02-22
CVE-2014-4677
CVE-2014-4677 describes a high-severity local privilege escalation in the installerHelper subcomponent of Libmacgpg, which is used by GPG Suite. The vulnerable installPackage function allows a local user to inject shell metacharacters through the xmlPath argument and thereby execute arbitrary commands with root privileges. NVD rates the issue 7.8 (HIGH) and maps it to CWE-77.