OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

xv -- filename handling vulnerability

Affected packages
xv < 3.10ap0

Details

VuXML ID 4d960e7a-9537-11d9-9fda-080020fe8945
Discovery 2005-03-02
Entry 2005-03-15

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary code.

References

URL http://bugs.gentoo.org/show_bug.cgi?id=83686
URL http://www.gentoo.org/security/en/glsa/glsa-200503-09.xml

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.