CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2005-3178 – Gentoo Linux Security Advisory 200510-26
https://notcve.org/view.php?id=CVE-2005-3178
07 Oct 2005 — Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations. When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and 'rotate' functions use a fixed length buffer to contain ... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.62/SCOSA-2005.62.txt •
CVSS: 9.8EPSS: 2%CPEs: 56EXPL: 0CVE-2005-0638 – dsa-695.txt
https://notcve.org/view.php?id=CVE-2005-0638
02 Mar 2005 — xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. Several vulnerabilities have been discovered in xli, an image viewer for X11. • http://bugs.gentoo.org/show_bug.cgi?id=79762 •
CVSS: 9.8EPSS: 2%CPEs: 56EXPL: 0CVE-2005-0639 – dsa-695.txt
https://notcve.org/view.php?id=CVE-2005-0639
02 Mar 2005 — Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files. Several vulnerabilities have been discovered in xli, an image viewer for X11. • http://bugs.gentoo.org/show_bug.cgi?id=79762 •
CVSS: 9.8EPSS: 25%CPEs: 3EXPL: 3CVE-2001-0775 – xloadimage 4.1 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0775
12 Oct 2001 — Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped. Rob Holland of the Gentoo Linux Security Audit Team has reported that an xloadimage vulnerability in the handling o... • https://www.exploit-db.com/exploits/20998 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •