Descriptionxloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2005:012, published Fri, 29 Apr 2005 14:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 01:05:09 2013
CVE page last modified: Fri Oct 7 12:45:30 2022