<?xml version="1.0" encoding="utf-8"?>
<glsa id="200501-09">
<title>xzgv: Multiple overflows</title>
xzgv contains multiple overflows that may lead to the execution of
arbitrary code.
<product type="ebuild">xzgv</product>
<announced>January 06, 2005</announced>
<revised>January 06, 2005: 01</revised>
<package name="media-gfx/xzgv" auto="yes" arch="*">
<unaffected range="ge">0.8-r1</unaffected>
<vulnerable range="le">0.8</vulnerable>
xzgv is a picture viewer for X, with a thumbnail-based file
Multiple overflows have been found in the image processing code of
xzgv, including an integer overflow in the PRF parsing code
<impact type="normal">
An attacker could entice a user to open or browse a
specially-crafted image file, potentially resulting in the execution of
arbitrary code with the rights of the user running xzgv.
There is no known workaround at this time.
All xzgv users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/xzgv-0.8-r1&quot;</code>
<uri link="">CAN-2004-0994</uri>
<uri link=";type=vulnerabilities&amp;flashstatus=true">iDEFENSE Advisory</uri>
<metadata tag="submitter" timestamp="Thu, 6 Jan 2005 12:54:06 +0000">
<metadata tag="bugReady" timestamp="Thu, 6 Jan 2005 12:55:35 +0000">