<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200604-10"> <title>zgv, xzgv: Heap overflow</title> <synopsis> xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK colour space incorrectly, potentially resulting in the execution of arbitrary code. </synopsis> <product type="ebuild">xzgv</product> <announced>2006-04-21</announced> <revised count="02">2006-06-10</revised> <bug>127008</bug> <access>remote</access> <affected> <package name="media-gfx/xzgv" auto="yes" arch="*"> <unaffected range="ge">0.8-r2</unaffected> <vulnerable range="lt">0.8-r2</vulnerable> </package> <package name="media-gfx/zgv" auto="yes" arch="*"> <unaffected range="ge">5.9</unaffected> <vulnerable range="lt">5.9</vulnerable> </package> </affected> <background> <p> xzgv and zgv are picture viewing utilities with a thumbnail based file selector. </p> </background> <description> <p> Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer. </p> </description> <impact type="normal"> <p> An attacker may be able to construct a malicious image that executes arbitrary code with the permissions of the xzgv or zgv user when attempting to render the image. </p> </impact> <workaround> <p> There is no known workaround at this time. </p> </workaround> <resolution> <p> All xzgv users should upgrade to the latest version: </p> <code> # emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r2"</code> <p> All zgv users should also upgrade to the latest version: </p> <code> # emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.9"</code> </resolution> <references> <uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060">CVE-2006-1060</uri> <uri link="https://www.svgalib.org/rus/zgv/">homepage plus Changelog</uri> </references> <metadata tag="requester" timestamp="2006-04-07T14:45:12Z"> jaervosz </metadata> <metadata tag="bugReady" timestamp="2006-04-14T20:39:46Z"> koon </metadata> <metadata tag="submitter" timestamp="2006-04-20T16:13:24Z"> taviso </metadata> </glsa>