Published: 29/12/2016 Updated: 03/01/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

App/HelperFunctions.pm in Shutter up to and including 0.93.1 allows user-assisted remote malicious users to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
shutter-project shutter

Debian Bug report logs - #798862 CVE-2015-0854: Insecure use of system() Package: shutter; Maintainer for shutter is Ryan Niebur <ryan@debianorg>; Source for shutter is src:shutter (PTS, buildd, popcon) Reported by: Luke Faraone <lfaraone@debianorg> Date: Sun, 13 Sep 2015 16:27:02 UTC Severity: grave Tags: patch, ...

A vulnerability has been discovered in shutter Using the "Show in folder" menu option while viewing a file with a specially-crafted path allows arbitrary code execution with the permissions of the user running shutter ...

CWE-19 https://bugs.launchpad.net/shutter/+bug/1495163 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798862 https://nvd.nist.gov https://security.archlinux.org/CVE-2015-0854

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-0854

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect