CVE-2005-0638

8 documents7 sources

Severity

7.5HIGH

EPSS

2.4%

top 14.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Altlinux ALT Linux Suse Suse Linux XLI XLI

Timeline

PublishedMar 2

Latest updateMay 1

Description

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶Debianxloadimage< 4.1-14.1+3

▶Debianxli< 1.17.0-18+3

▶NVDxli/xli4 versions+3

▶NVDsuse/suse_linux28 versions+27

▶NVDaltlinux/alt_linux2.3

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-r884-j2c4-8c9q: xloadimage before 4↗2022-05-01

▶

CVEList

CVE-2005-0638: xloadimage before 4↗2005-03-04

▶

OSV

CVE-2005-0638: xloadimage before 4↗2005-03-02

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-02-18

▶

Debian

CVE-2005-0638: xli - xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbit...↗2005

▶

💬Community

Bugzilla

CVE-2005-0638 security flaw↗2018-08-16

▶