CVE-2015-4035 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-4035 Interim 1 14 2024-07-03T02:24:37Z current 2021-05-30T13:30:20Z 2024-07-03T02:24:37Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-4035 scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 12 liblzma5 liblzma5-32bit liblzma5-x86 xz xz-devel xz-lang liblzma5 as a component of SUSE Linux Enterprise Desktop 11 SP3 liblzma5-32bit as a component of SUSE Linux Enterprise Desktop 11 SP3 xz as a component of SUSE Linux Enterprise Desktop 11 SP3 xz-lang as a component of SUSE Linux Enterprise Desktop 11 SP3 liblzma5 as a component of SUSE Linux Enterprise Desktop 12 liblzma5-32bit as a component of SUSE Linux Enterprise Desktop 12 xz as a component of SUSE Linux Enterprise Desktop 12 xz-lang as a component of SUSE Linux Enterprise Desktop 12 xz as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata liblzma5 as a component of SUSE Linux Enterprise Server 11 SP3 liblzma5-32bit as a component of SUSE Linux Enterprise Server 11 SP3 liblzma5-x86 as a component of SUSE Linux Enterprise Server 11 SP3 xz as a component of SUSE Linux Enterprise Server 11 SP3 xz-lang as a component of SUSE Linux Enterprise Server 11 SP3 liblzma5 as a component of SUSE Linux Enterprise Server 12 liblzma5-32bit as a component of SUSE Linux Enterprise Server 12 xz as a component of SUSE Linux Enterprise Server 12 xz-lang as a component of SUSE Linux Enterprise Server 12 xz-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 xz as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 xz-devel as a component of SUSE Linux Enterprise Software Development Kit 12 xz as a component of SUSE Linux Enterprise Software Development Kit 12 scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. CVE-2015-4035 SUSE Linux Enterprise Desktop 11 SP3:liblzma5 SUSE Linux Enterprise Desktop 11 SP3:liblzma5-32bit SUSE Linux Enterprise Desktop 11 SP3:xz SUSE Linux Enterprise Desktop 11 SP3:xz-lang SUSE Linux Enterprise Desktop 12:liblzma5 SUSE Linux Enterprise Desktop 12:liblzma5-32bit SUSE Linux Enterprise Desktop 12:xz SUSE Linux Enterprise Desktop 12:xz-lang SUSE Linux Enterprise Server 11 SP1 for Teradata:xz SUSE Linux Enterprise Server 11 SP3:liblzma5 SUSE Linux Enterprise Server 11 SP3:liblzma5-32bit SUSE Linux Enterprise Server 11 SP3:liblzma5-x86 SUSE Linux Enterprise Server 11 SP3:xz SUSE Linux Enterprise Server 11 SP3:xz-lang SUSE Linux Enterprise Server 12:liblzma5 SUSE Linux Enterprise Server 12:liblzma5-32bit SUSE Linux Enterprise Server 12:xz SUSE Linux Enterprise Server 12:xz-lang SUSE Linux Enterprise Software Development Kit 11 SP3:xz SUSE Linux Enterprise Software Development Kit 11 SP3:xz-devel SUSE Linux Enterprise Software Development Kit 12:xz SUSE Linux Enterprise Software Development Kit 12:xz-devel important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H