Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200409-07
HistorySep 03, 2004 - 12:00 a.m.

xv: Buffer overflows in image handling

2004-09-0300:00:00
Gentoo Foundation
security.gentoo.org
20

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.058

Percentile

93.4%

JSON

Background

xv is a multi-format image manipulation utility.

Description

Multiple buffer overflow and integer handling vulnerabilities have been discovered in xv’s image processing code. These vulnerabilities have been found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files.

Impact

An attacker might be able to embed malicious code into an image, which would lead to the execution of arbitrary code under the privileges of the user viewing the image.

Workaround

There is no known workaround at this time.

Resolution

All xv users should upgrade to the latest stable version:

 # emerge sync

 # emerge -pv ">=media-gfx/xv-3.10a-r7"
 # emerge ">=media-gfx/xv-3.10a-r7"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/xv< 3.10a-r7UNKNOWN

Related

openvas 8
osv 1
freebsd 1
debian 2
nessus 6
debiancve 1
cvelist 1
cve 1
securityvulns 1
nvd 1
gentoo 1
openvas
openvas
Debian: Security Advisory (DSA-552-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200409-07 (xv)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200409-07 (xv)
2008-09-24 00:00:00
osv
osv
imlib2 - unsanitised input
2004-09-22 00:00:00
freebsd
freebsd
imlib2 -- BMP decoder buffer overflow
2004-08-31 00:00:00
debian
debian
[SECURITY] [DSA 552-1] New imlib2 packages fix potential arbitrary code execution
2004-09-22 16:52:51
[SECURITY] [DSA 552-1] New imlib2 packages fix potential arbitrary code execution
2004-09-22 16:52:51
nessus
nessus
FreeBSD : imlib2 -- BMP decoder buffer overflow (ba005226-fb5b-11d8-9837-000c41e2cdad)
2009-04-23 00:00:00
GLSA-200409-07 : xv: Buffer overflows in image handling
2004-09-03 00:00:00
FreeBSD : imlib2 -- BMP decoder buffer overflow (74)
2004-08-31 00:00:00
debiancve
debiancve
CVE-2004-0802
2004-12-31 05:00:00
cvelist
cvelist
CVE-2004-0802
2004-09-24 04:00:00
cve
cve
CVE-2004-0802
2004-12-31 05:00:00
securityvulns
securityvulns
[Full-Disclosure] MDKSA-2004:089 - Updated imlib/imlib2 packages fix BMP crash vulnerability
2004-09-08 00:00:00
nvd
nvd
CVE-2004-0802
2004-12-31 05:00:00
gentoo
gentoo
ImageMagick, imlib, imlib2: BMP decoding buffer overflows
2004-09-08 00:00:00

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.058

Percentile

93.4%

JSON
Related for GLSA-200409-07
openvas8osv1freebsd1debian2nessus6debiancve1cvelist1cve1securityvulns1nvd1gentoo1