FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xv -- filename handling format string vulnerability

Affected packages
ja-xv < 3.10a_5
xv < 3.10a_5

Details

VuXML ID a4bd3039-9a48-11d9-a256-0001020eed82
Discovery 2005-03-01
Entry 2005-03-21

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv.

Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary code.

[source]

References

CVE Name CVE-2005-0665
URL http://www.gentoo.org/security/en/glsa/glsa-200503-09.xml

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.