CVE-2005-0638

NONE EPSS 88.1%
Published Mar 2, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

xloadimage before 4.1-r2 and xli before 1.17 allow attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

Threat Intelligence

EPSS Exploit Probability: 88.1% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 56

Vendor | Product | Version | Range
xli | xli | 1.14 | any
xli | xli | 1.15 | any
xli | xli | 1.16 | any
xli | xli | 1.17 | any
altlinux | alt_linux | 2.3 | any
altlinux | alt_linux | 2.3 | any
suse | suse_linux | 1.0 | any
suse | suse_linux | 2.0 | any
suse | suse_linux | 3.0 | any
suse | suse_linux | 4.0 | any
suse | suse_linux | 4.2 | any
suse | suse_linux | 4.3 | any
suse | suse_linux | 4.4 | any
suse | suse_linux | 4.4.1 | any
suse | suse_linux | 5.0 | any
suse | suse_linux | 5.1 | any
suse | suse_linux | 5.2 | any
suse | suse_linux | 5.3 | any
suse | suse_linux | 6.0 | any
suse | suse_linux | 6.1 | any
suse | suse_linux | 6.1 | any
suse | suse_linux | 6.2 | any
suse | suse_linux | 6.3 | any
suse | suse_linux | 6.3 | any
suse | suse_linux | 6.3 | any
suse | suse_linux | 6.4 | any
suse | suse_linux | 6.4 | any
suse | suse_linux | 6.4 | any
suse | suse_linux | 6.4 | any
suse | suse_linux | 7.0 | any
suse | suse_linux | 7.0 | any
suse | suse_linux | 7.0 | any
suse | suse_linux | 7.0 | any
suse | suse_linux | 7.0 | any
suse | suse_linux | 7.1 | any
suse | suse_linux | 7.1 | any
suse | suse_linux | 7.1 | any
suse | suse_linux | 7.1 | any
suse | suse_linux | 7.1 | any
suse | suse_linux | 7.2 | any
suse | suse_linux | 7.2 | any
suse | suse_linux | 7.3 | any
suse | suse_linux | 7.3 | any
suse | suse_linux | 7.3 | any
suse | suse_linux | 7.3 | any
suse | suse_linux | 8.0 | any
suse | suse_linux | 8.0 | any
suse | suse_linux | 8.1 | any
suse | suse_linux | 8.2 | any
suse | suse_linux | 9.0 | any
suse | suse_linux | 9.0 | any
suse | suse_linux | 9.1 | any
suse | suse_linux | 9.1 | any
suse | suse_linux | 9.2 | any
suse | suse_linux | 9.2 | any
suse | suse_linux | 9.3 | any

References 11

  • bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=79762
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/14459
    Patch, Vendor Advisory
  • secunia.com http://secunia.com/advisories/14462
    Vendor Advisory
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200503-05.xml
    Vendor Advisory
  • support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
  • debian.org http://www.debian.org/security/2005/dsa-695
    Vendor Advisory
  • osvdb.org http://www.osvdb.org/14365
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-332.html
  • securityfocus.com http://www.securityfocus.com/archive/1/433935/30/5010/threaded
  • securityfocus.com http://www.securityfocus.com/bid/12712
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898

Remediation

  • secunia.com http://secunia.com/advisories/14459
    Patch, Vendor Advisory