Unrated severityNVD Advisory· Published Mar 2, 2005· Updated Apr 16, 2026

CVE-2005-0638

Description

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

Affected products

Xli/Xli4 versions
cpe:2.3:a:xli:xli:1.14:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:xli:xli:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:xli:xli:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:xli:xli:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:xli:xli:1.17:*:*:*:*:*:*:*
Altlinux/Alt Linux2 versions
cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*+ 1 more
- cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*
- cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*
SUSE S.A./Linux50 versions
cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*+ 49 more
- cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/14459nvdPatchVendor Advisory
bugs.gentoo.org/show_bug.cginvdVendor Advisory
secunia.com/advisories/14462nvdVendor Advisory
security.gentoo.org/glsa/glsa-200503-05.xmlnvdVendor Advisory
www.debian.org/security/2005/dsa-695nvdVendor Advisory
support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdfnvd
www.osvdb.org/14365nvd
www.redhat.com/support/errata/RHSA-2005-332.htmlnvd
www.securityfocus.com/archive/1/433935/30/5010/threadednvd
www.securityfocus.com/bid/12712nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000