Description
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
References (11)
Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12712
Vendor Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200503-05.xml
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14459
Vendor Advisory x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=79762
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-695
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-332.html
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14462
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_fedora
http://www.securityfocus.com/archive/1/433935/30/5010/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/14365
Scores
EPSS
0.0239
EPSS Percentile
85.2%
Details
Status
published
Products (28)
altlinux/alt_linux
2.3 (2 CPE variants)
suse/suse_linux
1.0
suse/suse_linux
2.0
suse/suse_linux
3.0
suse/suse_linux
4.0
suse/suse_linux
4.2
suse/suse_linux
4.3
suse/suse_linux
4.4
suse/suse_linux
4.4.1
suse/suse_linux
5.0
... and 18 more
Published
Mar 02, 2005
Tracked Since
Feb 18, 2026