CVE-2005-0638
EPSS 2.4%
xloadimage - missing input sanitising, integer overflow
Published: 2005/3/2
Modified: 2026/4/28
Description
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Affected packages (3)
- Debian/xli from 0, < 1.17.0-18
- Debian/xloadimage from 0, < 4.1-14.1
- Debian/xloadimage from 0, < 4.1-10woody1