CVE-2005-0638
xloadimage - missing input sanitising, integer overflow
EPSS 2.4%
Description
xloadimage before 4.1-r2 and xli before 1.17 allow attackers to execute arbitrary commands via shell metacharacters in the filenames of compressed images, because those filenames are not properly quoted when the gunzip command is invoked.
How to fix CVE-2005-0638
To remediate CVE-2005-0638, upgrade the affected package to a fixed version below.
- Debian/xli: upgrade to 1.17.0-18 or later
- Debian/xloadimage: upgrade to 4.1-14.1 or later
- Debian/xloadimage: upgrade to 4.1-10woody1 or later
Is CVE-2005-0638 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/xli: from 0, < 1.17.0-18
- Debian/xloadimage: from 0, < 4.1-14.1
- Debian/xloadimage: from 0, < 4.1-10woody1