CVE-2005-0638
EPSS 2.4%xloadimage - missing input sanitising, integer overflow
Published: 3/2/2005Modified: 4/28/2026
Description
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Affected packages (3)
- Debian/xlifrom 0, < 1.17.0-18
- Debian/xloadimagefrom 0, < 4.1-14.1
- Debian/xloadimagefrom 0, < 4.1-10woody1