FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xloadimage -- buffer overflow in FACES image handling

Affected packages
xli <= 1.17.0_1
xloadimage < 4.1.9

Details

VuXML ID 8c1da77d-d3e9-11d9-8ffb-00061bc2ad93
Discovery 2000-02-19
Entry 2005-06-03

In 2001, zen-parse discovered a buffer overflow in xloadimage's FACES image loader. A maliciously crafted image could cause xloadimage to execute arbitrary code. A published exploit exists for this vulnerability.

In 2005, Rob Holland discovered that the same vulnerability was present in xli.

References

CVE Name CVE-2001-0775
Message http://marc.theaimsgroup.com/?l=bugtraq&m=99477230306845
URL http://bugs.gentoo.org/show_bug.cgi?id=79762
URL https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=46186

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.