R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.
3.4.2-1ubuntu13.4.2-1ubuntu23.4.2-2ubuntu13.4.3-13.4.3-1build13.4.4-13.4.4-1ubuntu13.6.1-43.6.1-73.6.2-23.6.2.20200221-13.6.2.20200221-1build13.6.3-24.0.4-1build14.1.2-1ubuntu14.1.2-1ubuntu24.3.1-44.3.2-14.3.2-1build14.3.3-2build14.3.3-2build24.4.3-14.5.0-34.5.1-13.0.1-3ubuntu13.0.2-1ubuntu13.0.2-1ubuntu1.1~esm23.2.2-13.2.2.20151203-13.2.3-13.2.3-23.2.3-43.2.3-4ubuntu0.1~esm3Exploitability
AV:LAC:LAT:NPR:NUI:NVulnerable System
VC:HVI:HVA:HSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N