CVE-2008-5987
Published 2009-01-28
Priority: P4 · 20 · medium · CVSS 2.0: 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.40% (31.6th percentile)
Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | eog | < eog 2.22.3-2 (bookworm) | eog 2.22.3-2 (bookworm) |
| gnome | eog | — | — |
| gnome | eog | >= 0 < 2.22.3-2 | 2.22.3-2 |
| gnome | eog | >= 0 < 2.22.3-2 | 2.22.3-2 |
| gnome | eog | >= 0 < 2.22.3-2 | 2.22.3-2 |
| gnome | eog | >= 0 < 2.22.3-2 | 2.22.3-2 |
CVSS provenance
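| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 6.9 | MEDIUM | |
| vendor_debian | | 6.9 | LOW | |
| vendor_redhat | | 6.9 | MEDIUM | |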
Red Hat
eog: untrusted python modules search path
vendor_redhat·2008-11-02·CVSS 6.9
Statement: This issue does not affect the versions of the eog package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
Debian
CVE-2008-5987: eog - Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog...
vendor_debian·2008·CVSS 6.9
Scope: local
bookworm: resolved (fixed in 2.22.3-2)
bullseye: resolved (fixed in 2.22.3-2)
forky: resolved (fixed in 2.22.3-2)
sid: resolved (fixed in 2.22.3-2)
trixie: resolved (fixed in 2.22.3-2)
GHSA
GHSA-5g97-43jg-qgrv: Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2
ghsa_unreviewed·2022-05-17·CVSS 6.9
OSV
CVE-2008-5987: Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2
osv·2009-01-28·CVSS 6.9
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352
http://security.gentoo.org/glsa/glsa-200904-06.xml
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.securityfocus.com/bid/33443
https://bugzilla.redhat.com/show_bug.cgi?id=481553