CVE-2022-27811
published 2022-03-24
CVE-2022-27811: GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
Priority: P259, critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.01% (85.7th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ocrfeeder | < ocrfeeder 0.8.5-1 (bookworm) | ocrfeeder 0.8.5-1 (bookworm) |
| gnome | ocrfeeder | < 0.8.4 | 0.8.4 |
| gnome | ocrfeeder | >= 0 < 0.8.5-1 | 0.8.5-1 |
| gnome | ocrfeeder | >= 0 < 0.8.5-1 | 0.8.5-1 |
Detection & IOCs (extracted from sources)
- Monitor for GNOME OCRFeeder processes spawning unexpected child processes (e.g., shells or system commands) when processing PDF or image files, which may indicate shell metacharacter injection via a malicious filename.
- Look for OCRFeeder invocations where the filename argument to the process contains shell metacharacters (e.g., ;, |, $(), backticks, &&) embedded in PDF or image filenames.
- Vulnerability is local scope only; exploitation requires the attacker to supply a crafted PDF or image filename to a local OCRFeeder instance (e.g., via a shared directory or social engineering).
- Fixed in OCRFeeder version 0.8.4+; Debian bullseye remains open/unpatched as of the source snapshot. Ensure the patched version (0.8.5-1 or later) is deployed on affected Debian systems.
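The two detection checks above, applied to process-execution events, as an added example that is not part of the advisory or of OCRFeeder's code. The event fields (parent, exe, argv), the process names, the shell list and the sample events are assumptions constructed for illustration.

```python
import os
import re

# Assumptions (not from the advisory): the process names, the event fields
# (parent, exe, argv) and the shell list. Adapt them to your telemetry.
OCR_NAMES = {"ocrfeeder", "ocrfeeder-cli"}
SHELLS = {"sh", "bash", "dash", "zsh"}
# Metacharacters named in the detection notes: ; | $() backticks &&
SHELL_META = re.compile(r"[;|`]|\$\(|&&")
DOC_EXT = re.compile(r"\.(pdf|png|jpe?g|tiff?|bmp)\b", re.IGNORECASE)


def risky_filename(arg):
    """True if arg mentions a PDF/image name and carries shell metacharacters."""
    return bool(DOC_EXT.search(arg) and SHELL_META.search(arg))


def classify(event):
    """Return the findings for one process-execution event."""
    findings = []
    exe = os.path.basename(event["exe"])
    parent = os.path.basename(event["parent"])
    args = event["argv"][1:]
    if exe in OCR_NAMES and any(risky_filename(a) for a in args):
        findings.append("metachar-filename")
    if parent in OCR_NAMES and exe in SHELLS:
        # `sh -c "<command>"` keeps the whole command in one argv element,
        # so the same filename test applies to the command string.
        hit = any(risky_filename(a) for a in args)
        findings.append("shell-child-metachar" if hit else "shell-child")
    return findings


def scan(events):
    """Return (index, findings) for every event with at least one finding."""
    return [(i, f) for i, e in enumerate(events) if (f := classify(e))]


# Constructed sample telemetry; paths and the helper name are placeholders.
EVENTS = [
    {"parent": "/usr/bin/gnome-shell", "exe": "/usr/bin/ocrfeeder",
     "argv": ["ocrfeeder", "/home/u/scans/invoice.pdf"]},
    {"parent": "/usr/bin/bash", "exe": "/usr/bin/ocrfeeder-cli",
     "argv": ["ocrfeeder-cli", "/srv/share/scan$(id).png"]},
    {"parent": "/usr/bin/ocrfeeder", "exe": "/bin/sh",
     "argv": ["sh", "-c", "some-helper /srv/share/a.pdf;id out"]},
    {"parent": "/usr/bin/ocrfeeder", "exe": "/bin/sh",
     "argv": ["sh", "-c", "some-helper /srv/share/b.pdf"]},
]

if __name__ == "__main__":
    for index, findings in scan(EVENTS):
        print(index, findings)
```

A plain "shell-child" finding is a weaker signal than "shell-child-metachar" and is best triaged against the command string the shell was given.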
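CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |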
VulDB
GNOME OCRFeeder up to 0.8.3 Filename os command injection (EUVD-2022-32306)
vuldb·2026-05-15·CVSS 9.8
CVE-2022-27811 [CRITICAL] GNOME OCRFeeder up to 0.8.3 Filename os command injection (EUVD-2022-32306)
A vulnerability labeled as critical has been found in GNOME OCRFeeder up to 0.8.3. This issue affects some unknown processing of the component Filename Handler. Such manipulation leads to os command injection.
This vulnerability is documented as CVE-2022-27811. The attack requires being on the local network. There is not any exploit available.
The affected component should be upgraded.
GHSA
GHSA-2pph-3mjw-53c3: GNOME OCRFeeder before 0
ghsa_unreviewed·2022-03-25
CVE-2022-27811 [CRITICAL] CWE-78 GHSA-2pph-3mjw-53c3: GNOME OCRFeeder before 0
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
OSV
CVE-2022-27811: GNOME OCRFeeder before 0
osv·2022-03-24·CVSS 9.8
CVE-2022-27811 [CRITICAL] CVE-2022-27811: GNOME OCRFeeder before 0
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
Debian
CVE-2022-27811: ocrfeeder - GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacter...
vendor_debian·2022·CVSS 9.8
CVE-2022-27811 [CRITICAL] CVE-2022-27811: ocrfeeder - GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacter...
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.
Scope: local
bookworm: resolved (fixed in 0.8.5-1)
bullseye: open
forky: resolved (fixed in 0.8.5-1)
sid: resolved (fixed in 0.8.5-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/5286120c8bc8b7ba74e0f9b19b5262b509f38cee
- https://gitlab.gnome.org/GNOME/ocrfeeder/-/issues/20
- https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13
2022-03-24
Published