1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200411-12 / zgv |
| Release Date | November 07, 2004 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-gfx/zgv | < 5.8 | >= 5.8 | All supported architectures |
Related bugreports: #69150
zgv contains multiple buffer overflows that can potentially lead to the execution of arbitrary code.
zgv is a console image viewer based on svgalib.
Multiple arithmetic overflows have been detected in the image processing code of zgv.
An attacker could entice a user to open a specially-crafted image file, potentially resulting in execution of arbitrary code with the rights of the user running zgv.
There is no known workaround at this time.
All zgv users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8" |