FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xv -- filename handling format string vulnerability

Affected packages
ja-xv < 3.10a_5
xv < 3.10a_5


VuXML ID a4bd3039-9a48-11d9-a256-0001020eed82
Discovery 2005-03-01
Entry 2005-03-21

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv.

Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary code.


CVE Name CVE-2005-0665