We found a way to execute arbitrary code from a greenshot file.

Description

By crafting a special greenshot file, it is possible to achieve arbitrary code execution by opening it in the editor. Due to what we identified as a serious security issue, let me know if it is possible to discuss the bug privately.

Environment

We encountered the bug on both windows 10 and 11 with Greenshot version 1.2.10 build 6. The tool is widely used in our environnment.

Attachments

Activity

Show:

Daniel Munoz
March 27, 2025 at 5:52 PM

Hi, Has this issue been fixed?

Cory Clark
July 29, 2024 at 12:49 PM
(edited)

Any update to fix this vulnerability?

Darin Lory
April 4, 2024 at 5:39 PM

Are there any fixes to this vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-34634 has it been fixed in an unstable release that could be pushed to a stable release?

Roland bonnaud
March 26, 2023 at 4:55 PM
(edited)

Hi Robin,

I realized that when clicking on the email address robin@getgreenshot.org you provided, it is in fact the address robin@greenshot.org wich is used. So my email was really sent to a bad address.

I sent you the details using the address robin@getgreenshot.org, hoping you will receive everything.

Best,

Robin Krom
March 24, 2023 at 10:45 PM

Hi I still didn’t get any feedback, let’s get into contact and tackle the issue.

Resize issue view side panel

Details

Assignee

Unassigned

Reporter

Roland bonnaud

Affects versions

1.3

1.2.10

Components

Priority

Major

Labels

Editor

Created February 15, 2023 at 4:25 PM

Updated March 27, 2025 at 5:53 PM