CVE-2007-2951

Name	CVE-2007-2951
Description	The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	434419

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
kvirc (PTS)	buster	4:5.0.0+dfsg-1	fixed
	bullseye	4:5.0.0+dfsg-5	fixed
	trixie, bookworm	4:5.0.0+dfsg-6	fixed
	sid	4:5.2.2+dfsg-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
kvirc	source	(unstable)	2:3.2.4-5	medium		434419