CVE-2003-0165
unknown
CVSS v3
—
CVSS v4 NEW
—
VIR risk
1.0
Description
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.
✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
GNOME Eye Of Gnome 1.0.x/1.1.x/2.2 - Format String
source: https://www.securityfocus.com/bid/7121/info
GNOME Eye of Gnome (EOG) image viewer is prone to a format string vulnerability. This condition may lead to execution of arbitrary code if malicious format specifiers are supplied to the program via the command line. As some utilities may be configured to invoke EOG as the handler for images through a mailcap entry, this may allow for local privilege escalation or possibly remote exploitation.
$ /usr/bin/eog this_is_an_invalid_file_%n%nOS impact
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.2.1 |
| sid | Fixed | 2.2.1 |
| forky | Fixed | 2.2.1 |
| bullseye | Fixed | 2.2.1 |
| bookworm | Fixed | 2.2.1 |
References
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.