CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
52.3%
Severity: Medium
Date : 2016-11-14
CVE-ID : CVE-2015-0854
Package : shutter
Type : arbitrary code execution
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
The package shutter before version 0.93.1-3 is vulnerable to arbitrary
code execution.
Upgrade to 0.93.1-3.
The problem has been fixed upstream but no release is available yet.
None.
A vulnerability has been discovered in shutter. Using the “Show in
folder” menu option while viewing a file with a specially-crafted path
allows arbitrary code execution with the permissions of the user
running shutter.
An attacker is able to use a specially crafted image file to execute
arbitrary code by tricking the user into opening it with a specific
option.
https://bugs.archlinux.org/task/50735
http://seclists.org/oss-sec/2015/q3/541
https://access.redhat.com/security/cve/CVE-2015-0854
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
52.3%