cpe:/a:comix:comix:3.6.4 CVE-2008-1568 2008-03-31T18:44:00.000-04:00 2017-08-07T21:30:15.777-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-04-01T10:10:00.000-04:00 ALLOWS_OTHER_ACCESS BID 28547 SECUNIA 29621 SECUNIA 29731 SECUNIA 29956 FEDORA FEDORA-2008-2981 FEDORA FEDORA-2008-2993 GENTOO GLSA-200804-29 XF comix-filename-command-execution(41554) CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840 comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.