FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a813a219-d2d4-11da-a672-000e0c2e438a	zgv, xzgv -- heap overflow vulnerability Gentoo reports: Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer. An attacker may be able to construct a malicious image that executes arbitrary code with the permissions of the xzgv or zgv user when attempting to render the image. Discovery 2006-04-21 Entry 2006-04-23 Modified 2010-03-22 zgv < 5.9_1 xzgv < 0.9 17409 CVE-2006-1060 http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml
249a8c42-6973-11d9-ae49-000c41e2cdad	zgv -- exploitable heap overflows infamous41md reports: zgv uses malloc() frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small buffers to be allocated. Then we can overflow the buffer, and eventually execute code. There are a total of 11 overflows that are exploitable to execute arbitrary code. These bugs exist in both zgv and xzgv. Discovery 2004-10-26 Entry 2005-01-18 Modified 2005-01-21 zgv < 5.8_1 xzgv < 0.8_2 http://marc.theaimsgroup.com/?l=bugtraq&m=109886210702781 http://marc.theaimsgroup.com/?l=bugtraq&m=109898111915661 http://rus.members.beeb.net/xzgv.html http://www.svgalib.org/rus/zgv/ CVE-2004-0994 http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=false

VuXML ID

Description

a813a219-d2d4-11da-a672-000e0c2e438a

zgv, xzgv -- heap overflow vulnerability

Gentoo reports:

Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer.

An attacker may be able to construct a malicious image that executes arbitrary code with the permissions of the xzgv or zgv user when attempting to render the image.

Discovery 2006-04-21
Entry 2006-04-23
Modified 2010-03-22
zgv

< 5.9_1

xzgv

< 0.9

17409
CVE-2006-1060
http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml

249a8c42-6973-11d9-ae49-000c41e2cdad

zgv -- exploitable heap overflows

infamous41md reports:

zgv uses malloc() frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small buffers to be allocated. Then we can overflow the buffer, and eventually execute code. There are a total of 11 overflows that are exploitable to execute arbitrary code.

These bugs exist in both zgv and xzgv.

Discovery 2004-10-26
Entry 2005-01-18
Modified 2005-01-21
zgv

< 5.8_1

xzgv

< 0.8_2

http://marc.theaimsgroup.com/?l=bugtraq&m=109886210702781
http://marc.theaimsgroup.com/?l=bugtraq&m=109898111915661
http://rus.members.beeb.net/xzgv.html
http://www.svgalib.org/rus/zgv/
CVE-2004-0994
http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=false