CVE-2005-0638
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.3%
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Affected configurations
References
bugs.gentoo.org/show_bug.cgi?id=79762
secunia.com/advisories/14459
secunia.com/advisories/14462
security.gentoo.org/glsa/glsa-200503-05.xml
support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
www.debian.org/security/2005/dsa-695
www.osvdb.org/14365
www.redhat.com/support/errata/RHSA-2005-332.html
www.securityfocus.com/archive/1/433935/30/5010/threaded
www.securityfocus.com/bid/12712
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.3%