FreeBSD: 249A8C42-6973-11D9-AE49-000C41E2CDAD
Oct 26, 2004 - 12:00 a.m.

zgv -- exploitable heap overflows

2004-10-26 00:00:00
vuxml.freebsd.org

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.035 Low
Percentile: 91.6%

infamous41md reports:

zgv uses malloc() frequently to allocate memory for storing
image data. When calculating how much to allocate, user
supplied data from image headers is multiplied and/or added
without any checks for arithmetic overflows. We can
overflow numerous calculations, and cause small buffers to
be allocated. Then we can overflow the buffer, and
eventually execute code. There are a total of
11 overflows that are exploitable to execute arbitrary
code.

These bugs exist in both zgv and xzgv.
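
The allocation-size wrap described in the report, next to a checked form, as an added example that is not zgv or xzgv code. The function names, the 256 MiB cap and the header values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed policy cap for this example (not a zgv constant). */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern from the report: header fields multiplied straight
 * into a size. Done in 32 bits so the wrap shows on any host. */
uint32_t unchecked_image_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp; /* wraps modulo 2^32 */
}

/* Checked form: 0 and *out set on success, -1 if a field is zero or the
 * product would exceed limit. Division-based tests cannot overflow. */
int checked_image_size(uint32_t w, uint32_t h, uint32_t bpp,
                       size_t limit, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return -1;
    if (h > limit / w)
        return -1;
    size_t pixels = (size_t)w * h;   /* <= limit, so no wrap */
    if (bpp > limit / pixels)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Allocate a pixel buffer only when the header-derived size is sane. */
void *alloc_image(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n;
    if (checked_image_size(w, h, bpp, MAX_IMAGE_BYTES, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed header values: 65537 x 65536 pixels, 3 bytes each. */
    uint32_t w = 0x10001u, h = 0x10000u, bpp = 3;
    printf("unchecked size: %lu bytes\n",
           (unsigned long)unchecked_image_size(w, h, bpp));
    printf("checked alloc:  %s\n",
           alloc_image(w, h, bpp) ? "allocated" : "rejected");
    return 0;
}
```

With the constructed header the unchecked product comes out as 196608 bytes for an image that claims over four billion pixels, which is the small-buffer condition the report describes; the checked path rejects it before malloc() is reached.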

OS       Version  Architecture  Package  Version  Filename
FreeBSD  any      noarch        zgv      < 5.8_1  UNKNOWN
FreeBSD  any      noarch        xzgv     < 0.8_2  UNKNOWN
