CVSS2: 5.1 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 0.029 Low
EPSS Percentile: 90.9%

CentOS Errata and Security Advisory CESA-2005:802-01

The xloadimage utility displays images in an X Window System window, loads
images into the root window, or writes images into a file. Xloadimage
supports many image types (including GIF, TIFF, JPEG, XPM, and XBM).

A flaw was discovered in xloadimage via which an attacker can construct a
NIFF image with a very long embedded image title. This image can cause a
buffer overflow. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-3178 to this issue.

All users of xloadimage should upgrade to this erratum package, which
contains backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-October/074489.html
Affected packages:
xloadimage

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| CentOS | 2 | i386 | xloadimage | < 4.1-36.RHEL2.1 | xloadimage-4.1-36.RHEL2.1.i386.rpm |