84 matches found
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
CVE-2005-0638
CVE-2005-0638 affects xloadimage (and xli) where filenames are not properly quoted when invoking gunzip, allowing shell metacharacter injection and arbitrary command execution when a malformed filename is processed. The issue impacts xloadimage prior to version 4.1-r2 and xli prior to 1.17, acros...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
GLSA-200503-05 : xli, xloadimage: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200503-05 xli, xloadimage: Multiple vulnerabilities Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters are no...
[Full-Disclosure] [ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200503-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
xli, xloadimage: Multiple vulnerabilities
Background xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters ar...
xloadimage -- arbitrary command execution when handling compressed files
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...
Debian DSA-069-1 : xloadimage - buffer overflow
The version of xloadimage a graphics files viewer for X that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone into viewing a specially crafted image using xloadimagewhich would allow...
Mandrake Linux Security Advisory : xloadimage (MDKSA-2001:073-1)
A buffer overflow exists in xli due to missing boundary checks. This could be triggered by an external attacker to execute commands on the victim's machine. An exploit is publically available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and Sun-Raster images...
CVE-2001-0775
Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...
CVE-2001-0775
Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...
DEBIAN-CVE-2001-0775
Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...
CVE-2001-0775
CVE-2001-0775 affects xloadimage/xli (Linux) in the FACES image handler: a buffer overflow in the loader can be triggered by a specially crafted image with long Firstname/Lastname fields, potentially allowing remote code execution. The vulnerability is documented for xloadimage 4.1 (xli 1.16/1.17...
CVE-2001-0775
Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...
CVE-2001-0775
Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...
[SECURITY] [DSA-069-1] xloadimage buffer overflow
Package : xloadimage Problem type : buffer overflow Debian-specific: no The version of xloadimage a graphics files viewer for X that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone...
[RHSA-2001:088-04] New xloadimage packages available
--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New xloadimage packages available Advisory ID: RHSA-2001:088-04 Issue date: 2001-06-28 Updated on: 2001-07-09 Product: Red Hat Linux Keywords: xloadimage tif faces plugger...