CVE-2014-7208

GParted <0.15.0 - Command Injection

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-7208. PoCs published by SEC Consult.

AI-analyzed exploit summary: This is a security advisory detailing CVE-2014-7208, a command injection vulnerability in GParted <=0.14.1. The vulnerability arises from improper sanitization of filesystem labels, allowing arbitrary command execution when an attacker crafts a malicious label (e.g., using backticks) and the system automounts it.

Description

GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.

Exploits (1)

exploitdb WRITEUP
by SEC Consult · text · local · linux
https://www.exploit-db.com/exploits/35595

Classification: Writeup 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GParted <=0.14.1
No auth needed
Prerequisites: Attacker must craft a malicious filesystem label · Victim system must automount the filesystem with the label in the mount path · User must attempt to unmount the filesystem via GParted
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/77

Scores

EPSS 0.0111
EPSS Percentile 61.7%

Details

CWE CWE-77
Status published
Products (1)
gparted/gparted < 0.15.0
Published Dec 19, 2014
Tracked Since Feb 18, 2026