Aggregates CVE and security vulnerability intelligence across all xli-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk buffer overflow and vendor risk integer handling; exposure may include vendor impact application crash and vendor impact memory corruption in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2005-3178 | Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations. | [email protected] | 5.1 | 2.34% | 2005-10-07 | 2026-04-16 |
| CVE-2005-0639 | Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files. | [email protected] | 7.5 | 1.96% | 2005-03-02 | 2026-04-16 |
| CVE-2005-0638 | xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. | [email protected] | 7.5 | 2.39% | 2005-03-02 | 2026-04-16 |
| CVE-2001-0775 | Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field. | [email protected] | 7.5 | 25.56% | 2001-10-18 | 2026-04-16 |