FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zgv, xzgv -- heap overflow vulnerability

Affected packages
zgv < 5.9_1
xzgv < 0.9

Details

VuXML ID a813a219-d2d4-11da-a672-000e0c2e438a
Discovery 2006-04-21
Entry 2006-04-23
Modified 2010-03-22

Gentoo reports:

Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer.

An attacker may be able to construct a malicious image that executes arbitrary code with the permissions of the xzgv or zgv user when attempting to render the image.

[source]

References

Bugtraq ID 17409
CVE Name CVE-2006-1060
URL http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.