xpcd -- buffer overflow

ID D337B206-200F-11DC-A197-0011098B2F36
Type freebsd
Reporter FreeBSD
Modified 2005-02-11T00:00:00


Debian Project reports:

Erik Sjolund discovered a buffer overflow in pcdsvgaview, an SVGA PhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display graphics on the Linux console for which root permissions are required. A malicious user could overflow a fixed-size buffer and may cause the program to execute arbitrary code with elevated privileges.