A buffer overflow vulnerability has been detected in the greed
URL handling code. This bug can especially be a problem when greed is
used to process GRX (GetRight) files that originate from untrusted
sources.
The bug finder, Manigandan Radhakrishnan, gave the following
description:
Here are the bugs. First, in main.c, DownloadLoop() uses strcat()
to copy an input filename to the end of a 128-byte COMMAND array.
Second, DownloadLoop() passes the input filename to system() without
checking for special characters such as semicolons.