CVE-2008-3904

GPicView 0.1.9 - OS Command Injection via Filename Shell Metacharacters

Title source: llm
STIX 2.1

Description

src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45137
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/03/1
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/08/30/1

Scores

EPSS 0.0169
EPSS Percentile 74.4%

Details

CWE
CWE-20
Status published
Products (2)
lxde/gpicview 0.1.9
lxde/lightweight_x11_desktop_environment
Published Sep 04, 2008
Tracked Since Feb 18, 2026