blob: e66d8583b70d30ac2b2b7bf416defe51bb2f601f [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200411-12">
<title>zgv: Multiple buffer overflows</title>
zgv contains multiple buffer overflows that can potentially lead to the
execution of arbitrary code.
<product type="ebuild">zgv</product>
<announced>November 07, 2004</announced>
<revised>May 22, 2006: 02</revised>
<package name="media-gfx/zgv" auto="yes" arch="*">
<unaffected range="ge">5.8</unaffected>
<vulnerable range="lt">5.8</vulnerable>
zgv is a console image viewer based on svgalib.
Multiple arithmetic overflows have been detected in the image
processing code of zgv.
<impact type="normal">
An attacker could entice a user to open a specially-crafted image file,
potentially resulting in execution of arbitrary code with the rights of
the user running zgv.
There is no known workaround at this time.
All zgv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/zgv-5.8&quot;</code>
<uri link="">BugTraq Advisory</uri>
<uri link="">CVE-2004-1095</uri>
<metadata tag="requester" timestamp="Sat, 6 Nov 2004 19:26:29 +0000">
<metadata tag="bugReady" timestamp="Sat, 6 Nov 2004 20:47:51 +0000">
<metadata tag="submitter" timestamp="Sat, 6 Nov 2004 21:08:18 +0000">