Joined: 13 Jun 2003
Location: Dresden, Germany
|Posted: Sun Nov 07, 2004 7:23 pm Post subject: [ GLSA 200411-12 ] zgv: Multiple buffer overflows
|Gentoo Linux Security Advisory
Title: zgv: Multiple buffer overflows (GLSA 200411-12)
Date: November 07, 2004
Updated: May 22, 2006
zgv contains multiple buffer overflows that can potentially lead to the
execution of arbitrary code.
zgv is a console image viewer based on svgalib.
Vulnerable: < 5.8
Unaffected: >= 5.8
Architectures: All supported architectures
Multiple arithmetic overflows have been detected in the image
processing code of zgv.
An attacker could entice a user to open a specially-crafted image file,
potentially resulting in execution of arbitrary code with the rights of
the user running zgv.
There is no known workaround at this time.
All zgv users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8"
Last edited by GLSA on Sat Mar 03, 2012 4:17 am; edited 6 times in total