|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200612-01] wv library: Multiple integer overflows Vulnerability Scan
Vulnerability Scan Summary
wv library: Multiple integer overflows
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200612-01
(wv library: Multiple integer overflows)
The wv library fails to do proper arithmetic checks in multiple places,
possibly leading to integer overflows.
Impact
A possible hacker could craft a malicious file that, when handled with the wv
library, could lead to the execution of arbitrary code with the
permissions of the user running the application.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513
Solution:
All wv library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/wv-1.2.3-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
