CVE-2005-0638 [High] | Security Vulnerability in Xli

CVE-2005-0638 is rated Moderate Risk (62/100): CVSS High severity, with medium exploitation likelihood (EPSS 3.60%). EPSS rose +1.22% over the last day, indicating growing attacker interest. Review affected assets and schedule remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	2.39%	3.60%	+1.22%
2	2025-07-05	2.77%	2.39%	-0.39%
3	2025-03-30	—	2.77%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

2.39%

3.60%

+1.22%

2025-07-05

2.77%

2.39%

-0.39%

2025-03-30

—

2.77%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	2.0	HIGH	`AV:N/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	10.0	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.5

2.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

6.4

[email protected]

OS Trackers for CVE-2005-0638

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2005-0638 not yet assigned priority: Debian including 2 source packages (xli, xloadimage), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10.	https://security-tracker.debian.org/tracker/CVE-2005-0638
`gentoo`	normal	CVE-2005-0638: 1 GLSA(s) (200503-05), 2 atom(s) (media-gfx/xli, media-gfx/xloadimage); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2005-0638
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2005-0638
`ubuntu`	medium	CVE-2005-0638 medium priority: Ubuntu including 2 source packages (xli, xloadimage), 8 status rows across 4 suites (dapper, edgy, feisty, upstream): released 6, needs-triage 2.	https://ubuntu.com/security/CVE-2005-0638

Affected software / configurations for CVE-2005-0638

Vendor	Product	Version	Raw CPE
xli	xli	1.14	cpe:2.3:a:xli:xli:1.14:::::::*
xli	xli	1.15	cpe:2.3:a:xli:xli:1.15:::::::*
xli	xli	1.16	cpe:2.3:a:xli:xli:1.16:::::::*
xli	xli	1.17	cpe:2.3:a:xli:xli:1.17:::::::*
altlinux	alt_linux	2.3	cpe:2.3:o:altlinux:alt_linux:2.3::compact:::::
altlinux	alt_linux	2.3	cpe:2.3:o:altlinux:alt_linux:2.3::junior:::::
suse	suse_linux	1.0	cpe:2.3:o:suse:suse_linux:1.0:::::::*
suse	suse_linux	2.0	cpe:2.3:o:suse:suse_linux:2.0:::::::*
suse	suse_linux	3.0	cpe:2.3:o:suse:suse_linux:3.0:::::::*
suse	suse_linux	4.0	cpe:2.3:o:suse:suse_linux:4.0:::::::*
suse	suse_linux	4.2	cpe:2.3:o:suse:suse_linux:4.2:::::::*
suse	suse_linux	4.3	cpe:2.3:o:suse:suse_linux:4.3:::::::*
suse	suse_linux	4.4	cpe:2.3:o:suse:suse_linux:4.4:::::::*
suse	suse_linux	4.4.1	cpe:2.3:o:suse:suse_linux:4.4.1:::::::*
suse	suse_linux	5.0	cpe:2.3:o:suse:suse_linux:5.0:::::::*
suse	suse_linux	5.1	cpe:2.3:o:suse:suse_linux:5.1:::::::*
suse	suse_linux	5.2	cpe:2.3:o:suse:suse_linux:5.2:::::::*
suse	suse_linux	5.3	cpe:2.3:o:suse:suse_linux:5.3:::::::*
suse	suse_linux	6.0	cpe:2.3:o:suse:suse_linux:6.0:::::::*
suse	suse_linux	6.1	cpe:2.3:o:suse:suse_linux:6.1:::::::*
suse	suse_linux	6.1	cpe:2.3:o:suse:suse_linux:6.1:alpha::::::
suse	suse_linux	6.2	cpe:2.3:o:suse:suse_linux:6.2:::::::*
suse	suse_linux	6.3	cpe:2.3:o:suse:suse_linux:6.3:::::::*
suse	suse_linux	6.3	cpe:2.3:o:suse:suse_linux:6.3::ppc:::::
suse	suse_linux	6.3	cpe:2.3:o:suse:suse_linux:6.3:alpha::::::
suse	suse_linux	6.4	cpe:2.3:o:suse:suse_linux:6.4:::::::*
suse	suse_linux	6.4	cpe:2.3:o:suse:suse_linux:6.4::i386:::::
suse	suse_linux	6.4	cpe:2.3:o:suse:suse_linux:6.4::ppc:::::
suse	suse_linux	6.4	cpe:2.3:o:suse:suse_linux:6.4:alpha::::::
suse	suse_linux	7.0	cpe:2.3:o:suse:suse_linux:7.0:::::::*
suse	suse_linux	7.0	cpe:2.3:o:suse:suse_linux:7.0::i386:::::
suse	suse_linux	7.0	cpe:2.3:o:suse:suse_linux:7.0::ppc:::::
suse	suse_linux	7.0	cpe:2.3:o:suse:suse_linux:7.0::sparc:::::
suse	suse_linux	7.0	cpe:2.3:o:suse:suse_linux:7.0:alpha::::::
suse	suse_linux	7.1	cpe:2.3:o:suse:suse_linux:7.1:::::::*
suse	suse_linux	7.1	cpe:2.3:o:suse:suse_linux:7.1::spa:::::
suse	suse_linux	7.1	cpe:2.3:o:suse:suse_linux:7.1::sparc:::::
suse	suse_linux	7.1	cpe:2.3:o:suse:suse_linux:7.1::x86:::::
suse	suse_linux	7.1	cpe:2.3:o:suse:suse_linux:7.1:alpha::::::
suse	suse_linux	7.2	cpe:2.3:o:suse:suse_linux:7.2:::::::*
suse	suse_linux	7.2	cpe:2.3:o:suse:suse_linux:7.2::i386:::::
suse	suse_linux	7.3	cpe:2.3:o:suse:suse_linux:7.3:::::::*
suse	suse_linux	7.3	cpe:2.3:o:suse:suse_linux:7.3::i386:::::
suse	suse_linux	7.3	cpe:2.3:o:suse:suse_linux:7.3::ppc:::::
suse	suse_linux	7.3	cpe:2.3:o:suse:suse_linux:7.3::sparc:::::
suse	suse_linux	8.0	cpe:2.3:o:suse:suse_linux:8.0:::::::*
suse	suse_linux	8.0	cpe:2.3:o:suse:suse_linux:8.0::i386:::::
suse	suse_linux	8.1	cpe:2.3:o:suse:suse_linux:8.1:::::::*
suse	suse_linux	8.2	cpe:2.3:o:suse:suse_linux:8.2:::::::*
suse	suse_linux	9.0	cpe:2.3:o:suse:suse_linux:9.0:::::::*
suse	suse_linux	9.0	cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
suse	suse_linux	9.1	cpe:2.3:o:suse:suse_linux:9.1:::::::*
suse	suse_linux	9.1	cpe:2.3:o:suse:suse_linux:9.1::x86_64:::::
suse	suse_linux	9.2	cpe:2.3:o:suse:suse_linux:9.2:::::::*
suse	suse_linux	9.2	cpe:2.3:o:suse:suse_linux:9.2::x86_64:::::
suse	suse_linux	9.3	cpe:2.3:o:suse:suse_linux:9.3:::::::*

References for CVE-2005-0638

URL	Tags
http://bugs.gentoo.org/show_bug.cgi?id=79762	Vendor Advisory
http://secunia.com/advisories/14459	Patch Vendor Advisory
http://secunia.com/advisories/14462	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200503-05.xml	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf
http://www.debian.org/security/2005/dsa-695	Vendor Advisory
http://www.osvdb.org/14365
http://www.redhat.com/support/errata/RHSA-2005-332.html
http://www.securityfocus.com/archive/1/433935/30/5010/threaded
http://www.securityfocus.com/bid/12712
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898

URL

CVE-2005-0638

Exploit prediction scoring system (EPSS) score for CVE-2005-0638

Common vulnerability scoring system (CVSS) metrics for CVE-2005-0638

Weakness enumeration for CVE-2005-0638

OS Trackers for CVE-2005-0638

Affected software / configurations for CVE-2005-0638

References for CVE-2005-0638