Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDA813A219-D2D4-11DA-A672-000E0C2E438A
HistoryApr 21, 2006 - 12:00 a.m.

zgv, xzgv -- heap overflow vulnerability

2006-04-2100:00:00
vuxml.freebsd.org
15

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON

Gentoo reports:

Andrea Barisani of Gentoo Linux discovered xzgv and zgv
allocate insufficient memory when rendering images with
more than 3 output components, such as images using the
YCCK or CMYK colour space. When xzgv or zgv attempt to
render the image, data from the image overruns a heap
allocated buffer.
An attacker may be able to construct a malicious image that
executes arbitrary code with the permissions of the xzgv or
zgv user when attempting to render the image.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchzgv< 5.9_1UNKNOWN
FreeBSDanynoarchxzgv< 0.9UNKNOWN

Related

openvas 8
nessus 4
prion 1
ubuntucve 1
debian 4
gentoo 1
osv 1
cvelist 1
cve 1
debiancve 1
nvd 1
openvas
openvas
Debian Security Advisory DSA 1037-1 (zgv)
2008-01-17 00:00:00
FreeBSD Ports: zgv
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200604-10 (xzgv)
2008-09-24 00:00:00
nessus
nessus
GLSA-200604-10 : zgv, xzgv: Heap overflow
2006-04-21 00:00:00
Debian DSA-1038-1 : xzgv - programming error
2006-10-14 00:00:00
Debian DSA-1037-1 : zgv - programming error
2006-10-14 00:00:00
prion
prion
Heap overflow
2006-04-11 10:02:00
ubuntucve
ubuntucve
CVE-2006-1060
2006-04-11 00:00:00
debian
debian
[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution
2006-04-22 08:31:28
[SECURITY] [DSA 1037-1] New zgv packages fix arbitrary code execution
2006-04-21 15:50:16
[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution
2006-04-22 08:31:28
gentoo
gentoo
zgv, xzgv: Heap overflow
2006-04-21 00:00:00
osv
osv
xzgv - programming error
2006-04-22 00:00:00
cvelist
cvelist
CVE-2006-1060
2006-04-11 10:00:00
cve
cve
CVE-2006-1060
2006-04-11 10:02:00
debiancve
debiancve
CVE-2006-1060
2006-04-11 10:02:00
nvd
nvd
CVE-2006-1060
2006-04-11 10:02:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON
Related for A813A219-D2D4-11DA-A672-000E0C2E438A
openvas8nessus4prion1ubuntucve1debian4gentoo1osv1cvelist1cve1debiancve1nvd1