diff --git a/build/has_addr2line.cpp b/build/has_addr2line.cpp
index eddede4..f91bc3c 100644
--- a/build/has_addr2line.cpp
+++ b/build/has_addr2line.cpp
@@ -11,6 +11,12 @@
 #include <sys/wait.h>
 
 int main() {
-    std::string s = "addr2line -h";
+
+#ifdef BOOST_STACKTRACE_ADDR2LINE_LOCATION
+    std::string s = BOOST_STACKTRACE_ADDR2LINE_LOCATION " -h";
+#else
+    std::string s = "/usr/bin/addr2line -h";
+#endif
+
     return std::system(s.c_str());
 }
diff --git a/include/boost/stacktrace/detail/addr2line_impls.hpp b/include/boost/stacktrace/detail/addr2line_impls.hpp
index ad4a8bd..f45201a 100644
--- a/include/boost/stacktrace/detail/addr2line_impls.hpp
+++ b/include/boost/stacktrace/detail/addr2line_impls.hpp
@@ -34,7 +34,13 @@ public:
         , pid(0)
     {
         int pdes[2];
-        char prog_name[] = "addr2line";
+        #ifdef BOOST_STACKTRACE_ADDR2LINE_LOCATION
+        // TODO: static_assert that BOOST_STACKTRACE_ADDR2LINE_LOCATION is an absolute path!
+        char prog_name[] = BOOST_STACKTRACE_ADDR2LINE_LOCATION ;
+        #else
+        char prog_name[] = "/usr/bin/addr2line";
+        #endif
+
         char* argp[] = {
             prog_name,
             const_cast<char*>(flag),
@@ -50,19 +56,22 @@ public:
         pid = ::fork();
         switch (pid) {
         case -1:
-            // failed
+            // Failed...
             ::close(pdes[0]);
             ::close(pdes[1]);
             return;
 
         case 0:
-            // we are the child
+            // We are the child.
             ::close(STDERR_FILENO);
             ::close(pdes[0]);
             if (pdes[1] != STDOUT_FILENO) {
                 ::dup2(pdes[1], STDOUT_FILENO);
             }
-            ::execvp(prog_name, argp);
+
+            // Do not use `execlp()`, `execvp()`, and `execvpe()` here!
+            // `exec*p*` functions are vulnerable to PATH variable evaluation attacks.
+            ::execv(prog_name, argp);
             ::_exit(127);
         }