|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-07] xv: Buffer overflows in image handling Vulnerability Scan
Vulnerability Scan Summary xv: Buffer overflows in image handling
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-07
(xv: Buffer overflows in image handling)
Multiple buffer overflow and integer handling vulnerabilities have been
discovered in xv's image processing code. These vulnerabilities have been
found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files.
Impact
A possible hacker might be able to embed malicious code into an image, which
would lead to the execution of arbitrary code under the rights of the
user viewing the image.
Workaround
There is no known workaround at this time.
References:
http://www.securityfocus.com/archive/1/372345/2004-08-15/2004-08-21/0
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0802
Solution:
All xv users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=media-gfx/xv-3.10a-r7"
# emerge ">=media-gfx/xv-3.10a-r7"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|