CVE-2014-7209
high
| Metric | Score |
|---|---|
| CVSS v3 | — |
| CVSS v2 | 7.5 |
| VIR risk | 7.5 |
Description
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
Predictions
| Prediction | Value |
|---|---|
| Exploit likelihood | 20% |
| Patch ETA | — |
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-7209
Vendor advisory: security@debian.org — http://www.debian.org/security/2014/dsa-3114
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 3.58 |
| debian | bullseye | fixed | 3.58 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| debian | mime-support | up to and including 3.52-1 | |
References
- http://secunia.com/advisories/61892
- http://secunia.com/advisories/62079
- http://www.debian.org/security/2014/dsa-3114
- http://www.openwall.com/lists/oss-security/2014/12/31/8
- http://www.securityfocus.com/bid/71797
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99570
- https://security-tracker.debian.org/tracker/CVE-2014-7209
CWEs
CWE-77