AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25266
Reference (s):
- https://github.com/refi64/CVE-2020-25265-25266