Posted: Wed Jul 12, 2017 10:26 am Post subject: [ GLSA 201707-08 ] feh
Gentoo Linux Security Advisory
Title: feh: Arbitrary remote code execution (GLSA 201707-08)
A vulnerability in feh might allow remote attackers to execute
feh is an X11 image viewer aimed mostly at console users.
Vulnerable: < 2.18.3
Unaffected: >= 2.18.3
Architectures: All supported architectures
Tobias Stoeckmann discovered it was possible to trigger an
out-of-boundary heap write with the image viewer feh while receiving an
A remote attacker, pretending to be the E17 window manager, could
possibly trigger an out-of-boundary heap write in feh while receiving an
IPC message. This could result in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All feh users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/feh-2.18.3"
Last edited by GLSA on Fri Sep 29, 2017 4:16 am; edited 2 times in total
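
The following is an added example, not part of the original advisory: a POSIX shell check that classifies a feh version string against the ranges given above (vulnerable below 2.18.3, unaffected from 2.18.3 on). The function names and the sample versions are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify feh versions against GLSA 201707-08.
# Vulnerable: < 2.18.3, Unaffected: >= 2.18.3 (both from the advisory).

FIXED_VERSION="2.18.3"

# version_lt A B: succeeds when dotted numeric version A is lower than B.
# Fields are compared as integers, so 2.9 sorts below 2.18.3; a plain
# string comparison would get that case wrong. Missing fields count as 0.
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}
        fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}
        fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# feh_status VERSION: prints vulnerable, unaffected or unknown.
# Anything that is not purely digits and dots (for example a version
# with a revision suffix) is reported as unknown rather than guessed.
feh_status() {
    case $1 in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample versions; replace with the versions in your inventory.
for v in 2.9 2.18.2 2.18.3 2.19; do
    printf '%s\t%s\n' "$v" "$(feh_status "$v")"
done
```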