xv: Buffer overflows in image handling
Gentoo Linux Security Advisory
||GLSA 200409-07 / xv
||September 03, 2004
||September 03, 2004: 01
All supported architectures
xv contains multiple exploitable buffer overflows in the image handling
xv is a multi-format image manipulation utility.
Multiple buffer overflow and integer handling vulnerabilities have been
discovered in xv's image processing code. These vulnerabilities have been
found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files.
An attacker might be able to embed malicious code into an image, which
would lead to the execution of arbitrary code under the privileges of the
user viewing the image.
There is no known workaround at this time.
All xv users should upgrade to the latest stable version:
Code Listing 3.1: Resolution
# emerge sync
# emerge -pv ">=media-gfx/xv-3.10a-r7"
# emerge ">=media-gfx/xv-3.10a-r7"