1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200501-09 / xzgv |
| Release Date | January 06, 2005 |
| Latest Revision | January 06, 2005: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-gfx/xzgv | <= 0.8 | >= 0.8-r1 | All supported architectures |
Related bugreports: #74069
xzgv contains multiple overflows that may lead to the execution of arbitrary code.
xzgv is a picture viewer for X, with a thumbnail-based file selector.
Multiple overflows have been found in the image processing code of xzgv, including an integer overflow in the PRF parsing code (CAN-2004-0994).
An attacker could entice a user to open or browse a specially-crafted image file, potentially resulting in the execution of arbitrary code with the rights of the user running xzgv.
There is no known workaround at this time.
All xzgv users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r1" |