A flaw was found in the way the exubertant-ctags source code parser handled the “-o” command-line option which specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file could have resulted in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.
ELA-761-1 exuberant-ctags security update
arbitrary code execution vulnerability