Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200604-10] zgv, xzgv: Heap overflow Vulnerability Scan

Vulnerability Scan Summary
zgv, xzgv: Heap overflow

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200604-10
(zgv, xzgv: Heap overflow)

Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate
insufficient memory when rendering images with more than 3 output
components, such as images using the YCCK or CMYK colour space. When
xzgv or zgv attempt to render the image, data from the image overruns a
heap allocated buffer.


A possible hacker may be able to construct a malicious image that
executes arbitrary code with the permissions of the xzgv or zgv user
when attempting to render the image.


There is no known workaround at this time.


All xzgv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r2"
All zgv users should also upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8"

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.