CVE-2008-3904

Published: Sep 4, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.

Affected (2)

Products: Lxde: Gpicview, Lightweight X11 Desktop Environment

Lxde

2 products

Gpicview

Lightweight X11 Desktop Environment

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Lxde Gpicview	Version 0.1.9
Lxde Lightweight X11 Desktop Environment	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/08/30/1

Source: cve@mitre.org

Exploit

http://www.openwall.com/lists/oss-security/2008/09/03/1

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/45137

Source: cve@mitre.org

http://lxde.svn.sourceforge.net/viewvc/lxde?view=rev&sortby=date&revision=845

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/08/30/1

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.openwall.com/lists/oss-security/2008/09/03/1

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/45137

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.