Lucene search
K

84 matches found

Cvelist
Cvelist
added 2005/03/04 5:0 a.m.20 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.1AI score0.03603EPSS
Exploits0References11
CVE
CVE
added 2005/03/04 5:0 a.m.68 views

CVE-2005-0638

CVE-2005-0638 affects xloadimage (and xli) where filenames are not properly quoted when invoking gunzip, allowing shell metacharacter injection and arbitrary command execution when a malformed filename is processed. The issue impacts xloadimage prior to version 4.1-r2 and xli prior to 1.17, acros...

7.5CVSS7.1AI score0.03603EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2005/03/04 5:0 a.m.28 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.5CVSS7.4AI score0.03603EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/03/04 12:0 a.m.32 views

GLSA-200503-05 : xli, xloadimage: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-05 xli, xloadimage: Multiple vulnerabilities Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters are no...

7.5CVSS6.2AI score0.16344EPSS
Exploits1References4
securityvulns
securityvulns
added 2005/03/03 12:0 a.m.32 views

[Full-Disclosure] [ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200503-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

7.5CVSS0.1AI score0.16344EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2005/03/02 5:0 a.m.26 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.5CVSS5.9AI score0.03603EPSS
Exploits0References1
NVD
NVD
added 2005/03/02 5:0 a.m.18 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.5CVSS7.2AI score0.03603EPSS
Exploits0References11
OSV
OSV
added 2005/03/02 5:0 a.m.14 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.2AI score
Exploits0References12
Gentoo Linux
Gentoo Linux
added 2005/03/02 12:0 a.m.27 views

xli, xloadimage: Multiple vulnerabilities

Background xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters ar...

7.5CVSS7.4AI score0.16344EPSS
Exploits1
FreeBSD
FreeBSD
added 2005/02/18 12:0 a.m.39 views

xloadimage -- arbitrary command execution when handling compressed files

Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...

7.5CVSS6.5AI score0.03603EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.31 views

Debian DSA-069-1 : xloadimage - buffer overflow

The version of xloadimage a graphics files viewer for X that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone into viewing a specially crafted image using xloadimagewhich would allow...

7.5CVSS6.2AI score0.16344EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.27 views

Mandrake Linux Security Advisory : xloadimage (MDKSA-2001:073-1)

A buffer overflow exists in xli due to missing boundary checks. This could be triggered by an external attacker to execute commands on the victim's machine. An exploit is publically available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and Sun-Raster images...

7.5CVSS6.1AI score0.16344EPSS
Exploits1References1
NVD
NVD
added 2001/10/18 4:0 a.m.13 views

CVE-2001-0775

Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...

7.5CVSS7.6AI score0.16344EPSS
Exploits1References8
OSV
OSV
added 2001/10/18 4:0 a.m.3 views

CVE-2001-0775

Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...

8.3AI score
Exploits0References12
OSV
OSV
added 2001/10/18 4:0 a.m.2 views

DEBIAN-CVE-2001-0775

Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...

7.5CVSS8.3AI score0.16344EPSS
Exploits1References1
CVE
CVE
added 2001/10/12 4:0 a.m.78 views

CVE-2001-0775

CVE-2001-0775 affects xloadimage/xli (Linux) in the FACES image handler: a buffer overflow in the loader can be triggered by a specially crafted image with long Firstname/Lastname fields, potentially allowing remote code execution. The vulnerability is documented for xloadimage 4.1 (xli 1.16/1.17...

7.5CVSS7.5AI score0.16344EPSS
Exploits1References8Affected Software2
Cvelist
Cvelist
added 2001/10/12 4:0 a.m.32 views

CVE-2001-0775

Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...

7.5AI score0.16344EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2001/10/12 4:0 a.m.45 views

CVE-2001-0775

Buffer overflow in xloadimage 4.1 aka xli 1.16 and 1.17 in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long 1 Firstname or 2 Lastname field...

7.5CVSS7.7AI score0.16344EPSS
Exploits1
Debian
Debian
added 2001/08/09 7:45 p.m.7 views

[SECURITY] [DSA-069-1] xloadimage buffer overflow

Package : xloadimage Problem type : buffer overflow Debian-specific: no The version of xloadimage a graphics files viewer for X that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2001/07/10 12:0 a.m.50 views

[RHSA-2001:088-04] New xloadimage packages available

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New xloadimage packages available Advisory ID: RHSA-2001:088-04 Issue date: 2001-06-28 Updated on: 2001-07-09 Product: Red Hat Linux Keywords: xloadimage tif faces plugger...

8.1AI score
Exploits0
Rows per page
Query Builder