alsa-project/alsa-lib issue #365 was opened from szsam: The value of the first argument of dlopen() may come from getenv. Using externally controlled strings in a process operation can allow an attacker to execute malicious commands. https://github.com/alsa-project/alsa-lib/blob/ed6b07084bfea4155bbc98bcf38508ab81bdd008/src/dlmisc.c#L155 https://github.com/alsa-project/alsa-lib/blob/ed6b07084bfea4155bbc98bcf38508ab81bdd008/src/pcm/pcm_ladspa.c#L1094 Issue URL : https://github.com/alsa-project/alsa-lib/issues/365 Repository URL: https://github.com/alsa-project/alsa-lib