GLSA Bodhisattva
Posted: Thu Jan 06, 2005 9:36 pm Post subject: [ GLSA 200501-09 ] xzgv: Multiple overflows
Gentoo Linux Security Advisory
Title: xzgv: Multiple overflows (GLSA 200501-09)
Severity: normal
Exploitable: remote
Date: January 06, 2005
Bug(s): #74069
ID: 200501-09
Synopsis
xzgv contains multiple overflows that may lead to the execution of arbitrary code.
Background
xzgv is a picture viewer for X, with a thumbnail-based file selector.
Affected Packages
Package: media-gfx/xzgv
Vulnerable: <= 0.8
Unaffected: >= 0.8-r1
Architectures: All supported architectures
Description
Multiple overflows have been found in the image processing code of xzgv, including an integer overflow in the PRF parsing code (CAN-2004-0994).
Impact
An attacker could entice a user to open or browse a specially-crafted image file, potentially resulting in the execution of arbitrary code with the rights of the user running xzgv.
Workaround
There is no known workaround at this time.
Resolution
All xzgv users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r1"
References
CAN-2004-0994
iDEFENSE Advisory
Last edited by GLSA on Fri Apr 04, 2008 4:16 am; edited 3 times in total
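To confirm whether a host still carries an affected build, the following added example (not part of the advisory or of Portage) classifies each installed media-gfx/xzgv version against the ranges under Affected Packages. The function names are hypothetical, and it assumes Portage's installed-package database is at /var/db/pkg and that versions are dotted numbers with an optional -rN revision.

```shell
#!/bin/sh
# Added example, not part of the GLSA: classify media-gfx/xzgv versions against
# the advisory's ranges (vulnerable <= 0.8, unaffected >= 0.8-r1).
# Assumption: versions are dotted numbers with an optional -rN revision; other
# forms (letters, _suffixes, leading-zero components) are reported as unknown.

FIXED_BASE=0.8   # the fix ships in revision r1 of this base version

# xzgv_status VERSION -> prints vulnerable | unaffected | unknown
xzgv_status() {
    ver=$1 rev=0
    case $ver in *-r[0-9]*) rev=${ver##*-r}; ver=${ver%-r*} ;; esac
    case $rev in ''|*[!0-9]*) echo unknown; return ;; esac
    case $ver in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;; esac
    a=$ver b=$FIXED_BASE
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $x in 0?*) echo unknown; return ;; esac
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        if [ "$x" -lt "$y" ]; then echo vulnerable; return; fi
        if [ "$x" -gt "$y" ]; then echo unaffected; return; fi
    done
    # All shared components equal: the version with extra components is newer.
    if [ -n "$a" ]; then echo unaffected; return; fi
    if [ -n "$b" ]; then echo vulnerable; return; fi
    # Same base as 0.8: only revision r1 or later carries the fix.
    if [ "$rev" -ge 1 ]; then echo unaffected; else echo vulnerable; fi
}

# installed_xzgv_status [PKGDB] -> one "version status" line per installed copy.
# Portage records each installed package as a directory under /var/db/pkg.
installed_xzgv_status() {
    for d in "${1:-/var/db/pkg}"/media-gfx/xzgv-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/xzgv-}
        echo "$v $(xzgv_status "$v")"
    done
}

installed_xzgv_status
```

No output means xzgv is not installed; an "unknown" line means the version string needs a manual comparison.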