xv: Buffer overflows in image handling — GLSA 200409-07

xv contains multiple exploitable buffer overflows in the image handling code.

Affected packages

Package 	media-gfx/xv on all architectures
Affected versions 	< 3.10a-r7
Unaffected versions 	>= 3.10a-r7

Background

xv is a multi-format image manipulation utility.

Description

Multiple buffer overflow and integer handling vulnerabilities have been discovered in xv's image processing code. These vulnerabilities have been found in the xvbmp.c, xviris.c, xvpcx.c and xvpm.c source files.

Impact

An attacker might be able to embed malicious code into an image, which would lead to the execution of arbitrary code under the privileges of the user viewing the image.

Workaround

There is no known workaround at this time.

Resolution

All xv users should upgrade to the latest stable version:

 # emerge sync

 # emerge -pv ">=media-gfx/xv-3.10a-r7"
 # emerge ">=media-gfx/xv-3.10a-r7"

References

    BugTraq Advisory
    CAN-2004-0802