CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.

Date published : 2005-03-04

http://www.securityfocus.com/bid/12712

http://bugs.gentoo.org/show_bug.cgi?id=79762