Vulnerability Details CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bugs.gentoo.org/show_bug.cgi?id=79762
- http://secunia.com/advisories/14459
- http://secunia.com/advisories/14462
- http://security.gentoo.org/glsa/glsa-200503-05.xml
- http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
- http://www.debian.org/security/2005/dsa-695
- http://www.osvdb.org/14365
- http://www.redhat.com/support/errata/RHSA-2005-332.html
- http://www.securityfocus.com/archive/1/433935/30/5010/threaded
- http://www.securityfocus.com/bid/12712
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898
- http://bugs.gentoo.org/show_bug.cgi?id=79762
- http://secunia.com/advisories/14459
- http://secunia.com/advisories/14462
- http://security.gentoo.org/glsa/glsa-200503-05.xml
- http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
- http://www.debian.org/security/2005/dsa-695
- http://www.osvdb.org/14365
- http://www.redhat.com/support/errata/RHSA-2005-332.html
- http://www.securityfocus.com/archive/1/433935/30/5010/threaded
- http://www.securityfocus.com/bid/12712
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898
Products affected by CVE-2005-0638
-
cpe:2.3:a:xli:xli:1.14
-
cpe:2.3:a:xli:xli:1.15
-
cpe:2.3:a:xli:xli:1.16
-
cpe:2.3:a:xli:xli:1.17
-
cpe:2.3:o:altlinux:alt_linux:2.3
-
cpe:2.3:o:suse:suse_linux:1.0
-
cpe:2.3:o:suse:suse_linux:2.0
-
cpe:2.3:o:suse:suse_linux:3.0
-
cpe:2.3:o:suse:suse_linux:4.0
-
cpe:2.3:o:suse:suse_linux:4.2
-
cpe:2.3:o:suse:suse_linux:4.3
-
cpe:2.3:o:suse:suse_linux:4.4
-
cpe:2.3:o:suse:suse_linux:4.4.1
-
cpe:2.3:o:suse:suse_linux:5.0
-
cpe:2.3:o:suse:suse_linux:5.1
-
cpe:2.3:o:suse:suse_linux:5.2
-
cpe:2.3:o:suse:suse_linux:5.3
-
cpe:2.3:o:suse:suse_linux:6.0
-
cpe:2.3:o:suse:suse_linux:6.1
-
cpe:2.3:o:suse:suse_linux:6.2
-
cpe:2.3:o:suse:suse_linux:6.3
-
cpe:2.3:o:suse:suse_linux:6.4
-
cpe:2.3:o:suse:suse_linux:7.0
-
cpe:2.3:o:suse:suse_linux:7.1
-
cpe:2.3:o:suse:suse_linux:7.2
-
cpe:2.3:o:suse:suse_linux:7.3
-
cpe:2.3:o:suse:suse_linux:8.0
-
cpe:2.3:o:suse:suse_linux:8.1
-
cpe:2.3:o:suse:suse_linux:8.2
-
cpe:2.3:o:suse:suse_linux:9.0
-
cpe:2.3:o:suse:suse_linux:9.1
-
cpe:2.3:o:suse:suse_linux:9.2
-
cpe:2.3:o:suse:suse_linux:9.3