1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200503-09 / xv |
| Release Date | March 04, 2005 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-gfx/xv | < 3.10a-r10 | >= 3.10a-r10 | All supported architectures |
Related bugreports: #83686
xv contains a format string vulnerability, potentially resulting in the execution of arbitrary code.
xv is an interactive image manipulation package for X11.
Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv.
Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary code.
There is no known workaround at this time.
All xv users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r10" |