CVE-2005-0638

EPSS 2.39%
Published 02.03.2005 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Xli ≫ Xli Version1.14

Xli ≫ Xli Version1.15

Xli ≫ Xli Version1.16

Xli ≫ Xli Version1.17

Altlinux ≫ Alt Linux Version2.3 Editioncompact

Altlinux ≫ Alt Linux Version2.3 Editionjunior

Suse ≫ Suse Linux Version1.0

Suse ≫ Suse Linux Version2.0

Suse ≫ Suse Linux Version3.0

Suse ≫ Suse Linux Version4.0

Suse ≫ Suse Linux Version4.2

Suse ≫ Suse Linux Version4.3

Suse ≫ Suse Linux Version4.4

Suse ≫ Suse Linux Version4.4.1

Suse ≫ Suse Linux Version5.0

Suse ≫ Suse Linux Version5.1

Suse ≫ Suse Linux Version5.2

Suse ≫ Suse Linux Version5.3

Suse ≫ Suse Linux Version6.0

Suse ≫ Suse Linux Version6.1

Suse ≫ Suse Linux Version6.1 Updatealpha

Suse ≫ Suse Linux Version6.2

Suse ≫ Suse Linux Version6.3

Suse ≫ Suse Linux Version6.3 Editionppc

Suse ≫ Suse Linux Version6.3 Updatealpha

Suse ≫ Suse Linux Version6.4

Suse ≫ Suse Linux Version6.4 Editioni386

Suse ≫ Suse Linux Version6.4 Editionppc

Suse ≫ Suse Linux Version6.4 Updatealpha

Suse ≫ Suse Linux Version7.0

Suse ≫ Suse Linux Version7.0 Editioni386

Suse ≫ Suse Linux Version7.0 Editionppc

Suse ≫ Suse Linux Version7.0 Editionsparc

Suse ≫ Suse Linux Version7.0 Updatealpha

Suse ≫ Suse Linux Version7.1

Suse ≫ Suse Linux Version7.1 Editionspa

Suse ≫ Suse Linux Version7.1 Editionsparc

Suse ≫ Suse Linux Version7.1 Editionx86

Suse ≫ Suse Linux Version7.1 Updatealpha

Suse ≫ Suse Linux Version7.2

Suse ≫ Suse Linux Version7.2 Editioni386

Suse ≫ Suse Linux Version7.3

Suse ≫ Suse Linux Version7.3 Editioni386

Suse ≫ Suse Linux Version7.3 Editionppc

Suse ≫ Suse Linux Version7.3 Editionsparc

Suse ≫ Suse Linux Version8.0

Suse ≫ Suse Linux Version8.0 Editioni386

Suse ≫ Suse Linux Version8.1

Suse ≫ Suse Linux Version8.2

Suse ≫ Suse Linux Version9.0

Suse ≫ Suse Linux Version9.0 Editionx86_64

Suse ≫ Suse Linux Version9.1

Suse ≫ Suse Linux Version9.1 Editionx86_64

Suse ≫ Suse Linux Version9.2

Suse ≫ Suse Linux Version9.2 Editionx86_64

Suse ≫ Suse Linux Version9.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.39%	0.844

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.debian.org/security/2005/dsa-695

Vendor Advisory

http://bugs.gentoo.org/show_bug.cgi?id=79762

Vendor Advisory

http://secunia.com/advisories/14459

Patch

Vendor Advisory

http://secunia.com/advisories/14462

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200503-05.xml

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf

http://www.osvdb.org/14365

http://www.redhat.com/support/errata/RHSA-2005-332.html

http://www.securityfocus.com/archive/1/433935/30/5010/threaded

http://www.securityfocus.com/bid/12712

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898

https://nvd.nist.gov/vuln/detail/CVE-2005-0638

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-0638

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-0638

EUVD