xloadimage prior to 4.1-r2, and xli prior to 1.17, allows malicious users to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xli xli 1.14 |
||
xli xli 1.15 |
||
xli xli 1.16 |
||
xli xli 1.17 |
||
suse suse linux 1.0 |
||
suse suse linux 2.0 |
||
suse suse linux 5.0 |
||
suse suse linux 5.1 |
||
suse suse linux 6.3 |
||
suse suse linux 7.0 |
||
suse suse linux 7.2 |
||
suse suse linux 8.2 |
||
suse suse linux 9.0 |
||
suse suse linux 3.0 |
||
suse suse linux 4.0 |
||
suse suse linux 5.2 |
||
suse suse linux 5.3 |
||
suse suse linux 6.4 |
||
suse suse linux 7.1 |
||
suse suse linux 7.3 |
||
suse suse linux 9.1 |
||
suse suse linux 4.2 |
||
suse suse linux 4.3 |
||
suse suse linux 6.0 |
||
suse suse linux 6.1 |
||
suse suse linux 8.0 |
||
suse suse linux 9.2 |
||
altlinux alt linux 2.3 |
||
suse suse linux 4.4 |
||
suse suse linux 4.4.1 |
||
suse suse linux 6.2 |
||
suse suse linux 8.1 |
||
suse suse linux 9.3 |