PT-2001-1005 · Unknown+1 · Xloadimage+1

Published 2001-04-17 · Updated 2016-05-20 · CVE-2001-0775

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

xloadimage version 4.1
xli versions 1.16 through 1.17

Description

The issue allows remote attackers to execute arbitrary code via a FACES format image containing a long Firstname or Lastname field. Multiple vulnerabilities in the xli package may lead to a breach of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations

For xloadimage version 4.1, consider disabling the handling of FACES format images until a patch is available. For xli versions 1.16 through 1.17, restrict access to the Firstname and Lastname fields in the FACES format image processing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-02562
CVE-2001-0775
DSA-695-1

Affected Products

Xli
Xloadimage