cbcvebase.
CVE-2015-0854
published 2016-12-29

CVE-2015-0854: App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is…

PriorityP341high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
2.50%
82.7th percentile
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.

Affected

5 ranges
VendorProductVersion rangeFixed in
debianshutter< shutter 0.93.1-1 (bookworm)shutter 0.93.1-1 (bookworm)
shutter-projectshutter<= 0.93.1
tenfourzeroshutter>= 0 < 0.93.1-10.93.1-1
tenfourzeroshutter>= 0 < 0.93.1-10.93.1-1
tenfourzeroshutter>= 0 < 0.93.1-10.93.1-1

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_debian7.8LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.