|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200604-10] zgv, xzgv: Heap overflow Vulnerability Scan
Vulnerability Scan Summary zgv, xzgv: Heap overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200604-10
(zgv, xzgv: Heap overflow)
Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate
insufficient memory when rendering images with more than 3 output
components, such as images using the YCCK or CMYK colour space. When
xzgv or zgv attempt to render the image, data from the image overruns a
heap allocated buffer.
Impact
A possible hacker may be able to construct a malicious image that
executes arbitrary code with the permissions of the xzgv or zgv user
when attempting to render the image.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060
Solution:
All xzgv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r2"
All zgv users should also upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|