Critical severity 10.0 · NVD Advisory · Published Jan 8, 2016 · Updated Jun 17, 2026
CVE-2015-7541
Description
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
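The pattern the description refers to, shown beside a hardened form, as an added example that is not the gem's own code. The method names `run_interpolated` and `run_argv` are hypothetical, the hostile-looking path is a constructed sample, and a child Ruby process that echoes its arguments stands in for the external image tool so the example runs offline.

```ruby
require "open3"
require "rbconfig"
require "shellwords"

# Stand-in for the external image tool (assumption): a child Ruby process
# that prints every argument it receives on its own line.
TOOL = [RbConfig.ruby, "-e", "puts ARGV", "--"].freeze

# Vulnerable pattern: caller-supplied values are interpolated into a single
# string that /bin/sh parses, so metacharacters in them become shell syntax.
def run_interpolated(image_path, colors, depth)
  cmd = "#{TOOL.shelljoin} #{image_path} -colors #{colors} -depth #{depth}"
  out, _status = Open3.capture2(cmd)
  out.lines.map(&:chomp)
end

# Hardened pattern: numeric options go through Integer(), which raises
# ArgumentError on anything that is not a number, and the command is passed
# as an argv array, so no shell runs and each value stays one literal argument.
def run_argv(image_path, colors, depth)
  argv = [*TOOL, image_path.to_s,
          "-colors", Integer(colors).to_s,
          "-depth", Integer(depth).to_s]
  out, _status = Open3.capture2(*argv)
  out.lines.map(&:chomp)
end

if __FILE__ == $PROGRAM_NAME
  sample = "x.png; echo INJECTED" # constructed sample input
  puts "interpolated: #{run_interpolated(sample, 16, 8).inspect}"
  puts "argv array:   #{run_argv(sample, 16, 8).inspect}"
  begin
    run_argv("x.png", "16; echo INJECTED", 8)
  rescue ArgumentError => e
    puts "rejected non-numeric colors: #{e.message}"
  end
end
```

In the interpolated form the shell splits the sample at `;` and runs a second command; in the argv form the same string arrives at the tool as a single argument.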
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| colorscore (RubyGems) | < 0.0.5 | 0.0.5 |
Affected products
- cpe:2.3:a:colorscore_project:colorscore:*:*:*:*:*:ruby:*:* (Range: <=0.0.4)
References
- github.com/quadule/colorscore/commit/570b5e854cecddd44d2047c44126aed951b61718 (nvd; Patch, WEB)
- github.com/advisories/GHSA-73qw-ww62-m54x (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-7541 (ghsa; ADVISORY)
- rubysec.com/advisories/CVE-2015-7541 (ghsa; WEB)
- seclists.org/oss-sec/2016/q1/17 (ghsa; WEB)
- www.openwall.com/lists/oss-security/2016/01/05/2 (nvd; WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/colorscore/CVE-2015-7541.yml (ghsa; WEB)
- rubysec.com/advisories/CVE-2015-7541/ (nvd)