cbcvebase.
CVE-2016-10081
published 2016-12-29

CVE-2016-10081: /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled…

PriorityP352high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
6.62%
93.0th percentile
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.

Affected

5 ranges
VendorProductVersion rangeFixed in
debianshutter< shutter 0.93.1-1.3 (bookworm)shutter 0.93.1-1.3 (bookworm)
shutter-projectshutter<= 0.93.1
tenfourzeroshutter>= 0 < 0.93.1-1.30.93.1-1.3
tenfourzeroshutter>= 0 < 0.93.1-1.30.93.1-1.3
tenfourzeroshutter>= 0 < 0.93.1-1.30.93.1-1.3

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_debian7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.