CVSS: 9.8EPSS: 2%CPEs: 56EXPL: 0CVE-2005-0638
https://notcve.org/view.php?id=CVE-2005-0638
02 Mar 2005 — xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. • http://bugs.gentoo.org/show_bug.cgi?id=79762 •
CVSS: 9.8EPSS: 2%CPEs: 56EXPL: 0CVE-2005-0639
https://notcve.org/view.php?id=CVE-2005-0639
02 Mar 2005 — Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files. • http://bugs.gentoo.org/show_bug.cgi?id=79762 •
CVSS: 9.8EPSS: 25%CPEs: 3EXPL: 3CVE-2001-0775 – xloadimage 4.1 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0775
12 Oct 2001 — Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field. • https://www.exploit-db.com/exploits/20998 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •