xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-03-04T05:00:00
Updated: 2024-08-07T21:21:06.451Z
Reserved: 2005-03-04T00:00:00
Link: CVE-2005-0638
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-03-02T05:00:00.000
Modified: 2024-11-20T23:55:35.160
Link: CVE-2005-0638
Redhat