CVE-2008-3904
GPicView 0.1.9 - OS Command Injection via Filename Shell Metacharacters
Title source: llmDescription
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45137
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/03/1
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/08/30/1
Product x_refsource_confirm
http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845
Scores
EPSS
0.0169
EPSS Percentile
74.4%
Details
CWE
CWE-20
Status
published
Products (2)
lxde/gpicview
0.1.9
lxde/lightweight_x11_desktop_environment
Published
Sep 04, 2008
Tracked Since
Feb 18, 2026