xloadimage prior to 4.1-r2, and xli prior to 1.17, allows malicious users to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
xli xli 1.14 |
||
xli xli 1.15 |
||
xli xli 1.16 |
||
xli xli 1.17 |
||
suse suse linux 1.0 |
||
suse suse linux 2.0 |
||
suse suse linux 5.0 |
||
suse suse linux 5.1 |
||
suse suse linux 6.3 |
||
suse suse linux 7.0 |
||
suse suse linux 7.2 |
||
suse suse linux 8.2 |
||
suse suse linux 9.0 |
||
suse suse linux 3.0 |
||
suse suse linux 4.0 |
||
suse suse linux 5.2 |
||
suse suse linux 5.3 |
||
suse suse linux 6.4 |
||
suse suse linux 7.1 |
||
suse suse linux 7.3 |
||
suse suse linux 9.1 |
||
suse suse linux 4.2 |
||
suse suse linux 4.3 |
||
suse suse linux 6.0 |
||
suse suse linux 6.1 |
||
suse suse linux 8.0 |
||
suse suse linux 9.2 |
||
altlinux alt linux 2.3 |
||
suse suse linux 4.4 |
||
suse suse linux 4.4.1 |
||
suse suse linux 6.2 |
||
suse suse linux 8.1 |
||
suse suse linux 9.3 |
Vulmon