FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-25 08:52:18 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a813a219-d2d4-11da-a672-000e0c2e438azgv, xzgv -- heap overflow vulnerability

Gentoo reports:

Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer.

An attacker may be able to construct a malicious image that executes arbitrary code with the permissions of the xzgv or zgv user when attempting to render the image.


Discovery 2006-04-21
Entry 2006-04-23
Modified 2010-03-22
zgv
< 5.9_1

xzgv
< 0.9

17409
CVE-2006-1060
http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml
249a8c42-6973-11d9-ae49-000c41e2cdadzgv -- exploitable heap overflows

infamous41md reports:

zgv uses malloc() frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small buffers to be allocated. Then we can overflow the buffer, and eventually execute code. There are a total of 11 overflows that are exploitable to execute arbitrary code.

These bugs exist in both zgv and xzgv.


Discovery 2004-10-26
Entry 2005-01-18
Modified 2005-01-21
zgv
< 5.8_1

xzgv
< 0.8_2

http://marc.theaimsgroup.com/?l=bugtraq&m=109886210702781
http://marc.theaimsgroup.com/?l=bugtraq&m=109898111915661
http://rus.members.beeb.net/xzgv.html
http://www.svgalib.org/rus/zgv/
CVE-2004-0994
http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=false