xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-03-04T05:00:00

Updated: 2024-08-07T21:21:06.451Z

Reserved: 2005-03-04T00:00:00

Link: CVE-2005-0638

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-03-02T05:00:00.000

Modified: 2024-11-20T23:55:35.160

Link: CVE-2005-0638

cve-icon Redhat

Severity : Low

Publid Date: 2005-02-18T00:00:00Z

Links: CVE-2005-0638 - Bugzilla