logo
DATABASE RESOURCES PRICING ABOUT US

Eye of GNOME: Untrusted search path

Description

### Background The Eye of GNOME is the official image viewer for the GNOME Desktop environment. ### Description James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy related to CVE-2008-5983. ### Impact A local attacker could entice a user to run the Eye of GNOME from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running the application. ### Workaround Do not run "eog" from untrusted working directories. ### Resolution All Eye of GNOME users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3"


Affected Package


OS OS Version Package Name Package Version
Gentoo any media-gfx/eog 2.22.3-r3

Related