ID OPENVAS:54795 Type openvas Reporter Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 200501-09.
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Result texts for this check. They are attached to the NVT metadata in the
# description block below via script_tag().

# Short technical note on the flaw (overflows in xzgv that may lead to
# arbitrary code execution).
tag_insight = "xzgv contains multiple overflows that may lead to the execution of
arbitrary code.";
# Remediation text. Everything up to the closing quote is part of one string
# literal: the lines beginning with '#' are shell-prompt lines quoted from the
# advisory, not NASL comments. The first fixed package named here is
# media-gfx/xzgv-0.8-r1; the trailing URLs are advisory references.
tag_solution = "All xzgv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-gfx/xzgv-0.8-r1'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-09
http://bugs.gentoo.org/show_bug.cgi?id=74069
http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=true";
# One-line finding summary: the host lacks the update from GLSA 200501-09.
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200501-09.";
# NVT registration. When `description` is set, only the metadata below is
# recorded and the script leaves through exit(0) before any check is made.
if (description)
{
  # Identity and revision tracking.
  script_id(54795);
  script_version("$Revision: 6596 $");
  script_name("Gentoo Security Advisory GLSA 200501-09 (xzgv)");
  script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
  script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $");

  # Vulnerability reference and CVSS v2 base score/vector.
  # NOTE(review): GLSA 200501-09 describes the flaw as triggered when a user
  # opens or browses a crafted image, so weigh the 10.0 score against whether
  # xzgv is actually used on untrusted files on the host.
  script_cve_id("CVE-2004-0994");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");

  # Classification: an information-gathering check whose result rests on the
  # installed package version (qod_type "package"), fixed by a vendor update.
  script_category(ACT_GATHER_INFO);
  script_family("Gentoo Local Security Checks");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  # Preconditions: the check is skipped unless both knowledge-base keys exist.
  # Presumably gather-package-list.nasl sets them after an SSH login to a
  # Gentoo host -- confirm against that script. A scan without credentials
  # therefore yields no result from this check at all.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");

  # Texts shown with a finding; the tag_* variables are assigned earlier in
  # this file.
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);

  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-gentoo.inc");
# Version check for media-gfx/xzgv: versions "le 0.8" are treated as
# vulnerable and "ge 0.8-r1" as unaffected, matching the fixed version named
# in the solution text. Only package version data is compared; the installed
# binary itself is not examined.
report = "";

# ispkgvuln() and __pkg_match are not defined in this file; presumably both
# come from pkg-lib-gentoo.inc -- confirm there.
res = ispkgvuln(pkg:"media-gfx/xzgv",
                unaffected: make_list("ge 0.8-r1"),
                vulnerable: make_list("le 0.8"));
if (res != NULL) {
  report += res;
}

if (report == "") {
  # Nothing to report. Exit code 99 marks the host as not vulnerable, but only
  # when __pkg_match is set; otherwise the script ends without any result.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:54795", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200501-09 (xzgv)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200501-09.", "published": "2008-09-24T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54795", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2004-0994"], "lastseen": "2017-07-24T12:50:25", "viewCount": 0, "enchantments": {"score": {"value": 8.8, "vector": "NONE", "modified": "2017-07-24T12:50:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0994"]}, {"type": "freebsd", "idList": ["249A8C42-6973-11D9-AE49-000C41E2CDAD"]}, {"type": "osvdb", "idList": ["OSVDB:12357"]}, {"type": "debian", "idList": ["DEBIAN:DSA-614-1:1E24F"]}, {"type": "gentoo", "idList": ["GLSA-200501-09"]}, {"type": "openvas", "idList": ["OPENVAS:53297", "OPENVAS:52227"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200501-09.NASL", "DEBIAN_DSA-614.NASL", "FREEBSD_PKG_249A8C42697311D9AE49000C41E2CDAD.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:7322"]}], "modified": "2017-07-24T12:50:25", "rev": 2}, "vulnersScore": 8.8}, "pluginID": "54795", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"xzgv contains multiple overflows that may lead to the execution of\narbitrary code.\";\ntag_solution = \"All xzgv users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/xzgv-0.8-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=74069\nhttp://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=true\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200501-09.\";\n\n \n\nif(description)\n{\n script_id(54795);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-0994\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200501-09 (xzgv)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/xzgv\", unaffected: make_list(\"ge 0.8-r1\"), vulnerable: make_list(\"le 0.8\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:33:39", "description": "Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.", "edition": 3, "cvss3": {}, "published": "2005-01-10T05:00:00", "title": "CVE-2004-0994", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0994"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/a:zgv:xzgv_image_viewer:0.8", "cpe:/o:debian:debian_linux:3.0", "cpe:/a:zgv:zgv_image_viewer:5.8", "cpe:/a:zgv:zgv_image_viewer:5.6", "cpe:/a:zgv:xzgv_image_viewer:0.7", "cpe:/a:zgv:xzgv_image_viewer:0.6", "cpe:/a:zgv:zgv_image_viewer:5.7", "cpe:/a:zgv:zgv_image_viewer:5.5"], "id": "CVE-2004-0994", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0994", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "cpe:2.3:a:zgv:zgv_image_viewer:5.6:*:*:*:*:*:*:*", "cpe:2.3:a:zgv:xzgv_image_viewer:0.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "cpe:2.3:a:zgv:zgv_image_viewer:5.7:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", 
"cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "cpe:2.3:a:zgv:xzgv_image_viewer:0.7:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "cpe:2.3:a:zgv:zgv_image_viewer:5.8:*:*:*:*:*:*:*", "cpe:2.3:a:zgv:zgv_image_viewer:5.5:*:*:*:*:*:*:*", "cpe:2.3:a:zgv:xzgv_image_viewer:0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0994"], "description": "### Background\n\nxzgv is a picture viewer for X, with a thumbnail-based file selector. \n\n### Description\n\nMultiple overflows have been found in the image processing code of xzgv, including an integer overflow in the PRF parsing code (CAN-2004-0994). \n\n### Impact\n\nAn attacker could entice a user to open or browse a specially-crafted image file, potentially resulting in the execution of arbitrary code with the rights of the user running xzgv. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll xzgv users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/xzgv-0.8-r1\"", "edition": 1, "modified": "2005-01-06T00:00:00", "published": "2005-01-06T00:00:00", "id": "GLSA-200501-09", "href": "https://security.gentoo.org/glsa/200501-09", "type": "gentoo", "title": "xzgv: Multiple overflows", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "cvelist": ["CVE-2004-0994"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:13449](https://secuniaresearch.flexerasoftware.com/advisories/13449/)\n[Secunia Advisory ID:13509](https://secuniaresearch.flexerasoftware.com/advisories/13509/)\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200501-09.xml\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0267.html\nISS X-Force ID: 18454\n[CVE-2004-0994](https://vulners.com/cve/CVE-2004-0994)\n", "modified": "2004-12-13T10:34:35", "published": "2004-12-13T10:34:35", "href": "https://vulners.com/osvdb/OSVDB:12357", "id": "OSVDB:12357", "type": "osvdb", "title": "xzgv read_prf_file Method Remote Overflow", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0994"], "description": "The remote host is missing an update to xzgv\nannounced via advisory DSA 614-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53297", "href": "http://plugins.openvas.org/nasl.php?oid=53297", "type": "openvas", "title": "Debian Security Advisory DSA 614-1 (xzgv)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: 
deb_614_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 614-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Luke infamous41md discoverd multiple vulnerabilities in xzgv, a\npicture viewer for X11 with a thumbnail-based selector. 
Remote\nexploitation of an integer overflow vulnerability could allow the\nexecution of arbitrary code.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.7-6woody2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.8-3.\n\nWe recommend that you upgrade your xzgv package immediately.\";\ntag_summary = \"The remote host is missing an update to xzgv\nannounced via advisory DSA 614-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20614-1\";\n\nif(description)\n{\n script_id(53297);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-0994\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 614-1 (xzgv)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xzgv\", ver:\"0.7-6woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1095", "CVE-2004-0994"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-05T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52227", "href": "http://plugins.openvas.org/nasl.php?oid=52227", "type": "openvas", "title": "FreeBSD Ports: zgv", "sourceData": "#\n#VID 249a8c42-6973-11d9-ae49-000c41e2cdad\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n zgv\n xzgv\n\nCVE-2004-0994\nMultiple integer overflows in xzgv 0.8 and earlier allow remote\nattackers to execute arbitrary code via images with large width and\nheight values, which trigger a heap-based buffer overflow, as\ndemonstrated in the read_prf_file function in readprf.c. NOTE:\nCVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only\npartially overlap, despite having the same developer. 
Therefore, they\nshould be regarded as distinct.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://rus.members.beeb.net/xzgv.html\nhttp://www.svgalib.org/rus/zgv/\nhttp://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=false\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=109886210702781\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=109898111915661\nhttp://www.vuxml.org/freebsd/249a8c42-6973-11d9-ae49-000c41e2cdad.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52227);\n script_version(\"$Revision: 4218 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-05 16:20:48 +0200 (Wed, 05 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0994\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: zgv\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"zgv\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.8_1\")<0) {\n txt += 'Package zgv version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"xzgv\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8_2\")<0) {\n txt += 'Package xzgv version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:19", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0994"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 614-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 21st, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xzgv\nVulnerability : integer overflows\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2004-0994\n\nLuke "infamous41md" discoverd multiple vulnerabilities in xzgv, a\npicture viewer for X11 with a thumbnail-based selector. 
Remote\nexploitation of an integer overflow vulnerability could allow the\nexecution of arbitrary code.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.7-6woody2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.8-3.\n\nWe recommend that you upgrade your xzgv package immediately.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2.dsc\n Size/MD5 checksum: 579 27ae6cedb8409d1a61250227194a6b18\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2.diff.gz\n Size/MD5 checksum: 6782 fc970417371b3fab54b0cee4bc9ad695\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7.orig.tar.gz\n Size/MD5 checksum: 296814 9a376cc01cf486a2a8901fbc8b040d29\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_alpha.deb\n Size/MD5 checksum: 199532 b3ac4de63867a36dd018ed530f0d10f7\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_arm.deb\n Size/MD5 checksum: 187026 299e911e0b72e2ec50a4e2fe483631fd\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_i386.deb\n Size/MD5 checksum: 185198 8daddd8cd55896f09bd34a962d506480\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_ia64.deb\n Size/MD5 checksum: 219706 d06e18a31733ed58a8f0515d98ae36dd\n\n HP 
Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_hppa.deb\n Size/MD5 checksum: 195394 de8fb62bad56ed7b39d14242b82f501d\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_m68k.deb\n Size/MD5 checksum: 181580 32bb51323358c9592bcb7a9a6254d378\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_mips.deb\n Size/MD5 checksum: 188456 b9db5a09c63151dd48a8c10670828527\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_mipsel.deb\n Size/MD5 checksum: 187458 6db543152183971188c0f02b2f06f5e6\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_powerpc.deb\n Size/MD5 checksum: 189504 c2df06701aef5409b88d342ef826335d\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_s390.deb\n Size/MD5 checksum: 188976 530d93c6ca5132b42d64ca60c9fab9b0\n\n Sun Sparc architecture:\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_sparc.deb\n Size/MD5 checksum: 188952 9f5fefef2a5581e77cf94b9ad4e9f042\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2004-12-21T00:00:00", "published": "2004-12-21T00:00:00", "id": "DEBIAN:DSA-614-1:1E24F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00223.html", "title": "[SECURITY] [DSA 614-1] New xzgv packages fix arbitrary code execution", "type": 
"debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:11", "bulletinFamily": "software", "cvelist": ["CVE-2004-0994"], "description": "Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability\r\n\r\niDEFENSE Security Advisory 12.13.04\r\nhttp://www.idefense.com/application/poi/display?id=160&type=vulnerabilit\r\nies\r\nDecember 13, 2004\r\n\r\nI. BACKGROUND\r\n\r\nxzgv is a picture viewer for X, with a thumbnail-based file selector. It\r\n\r\nuses GTK+ and Imlib 1.x. Most file formats are supported, and the \r\nthumbnails used are compatible with xv, zgv and the Gimp. \r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of an integer overflow vulnerability in various \r\nvendors' implementations of the read_prf_file method in the xzgv program\r\n\r\ncould allow for arbitrary code execution. The vulnerability specifically\r\n\r\nexists due to an integer overflow while allocating memory for an image \r\nfile. The vulnerable code is as follows:\r\n\r\nxzgv-0.8/src/readprf.c:\r\nif((*theimageptr=malloc(width*height*3))==NULL)\r\n[...]\r\n\r\nThe values width and height are integers that are ultimately supplied by\r\n\r\nthe image file. With certain values for height and width set in an image\r\n\r\nfile, not enough memory is allocated due to an integer overflow. The \r\nunderallocated memory is later written to, causing heap corruption and \r\npossible arbitrary code execution with the privileges of the user \r\nviewing the image file.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation allows attackers to gain the privileges of the user viewing\r\n\r\nthe image file. If a user can be convinced to view a malicious file, \r\nthis vulnerability can be exploited remotely.\r\n\r\nIV. DETECTION\r\n\r\nThe following vendors have confirmed the availability of susceptible \r\nxzgv packages within their respective operating system distributions: \r\n SuSE\r\n Debian\r\n Gentoo \r\n FreeBSD \r\n\r\nV. 
WORKAROUND\r\n\r\nOnly accept image files from trusted sources. Use a different image \r\nviewer program to view untrusted images.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe vulnerability has been addressed in the following patch:\r\n\r\nhttp://rus.members.beeb.net/xzgv-0.8-integer-overflow-fix.diff\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2004-0994 to this issue. This is a candidate for inclusion\r\nin the CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n11/05/2004 Initial vendor notification\r\n12/10/2004 Secondary vendor notification\r\n12/10/2004 Initial vendor response\r\n12/13/2004 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nInfamous41md is credited with this discovery.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2004 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.", "edition": 1, "modified": "2004-12-15T00:00:00", "published": "2004-12-15T00:00:00", "id": "SECURITYVULNS:DOC:7322", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7322", "title": "iDEFENSE Security Advisory 12.13.04 - Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T10:51:54", "description": "The remote host is affected by the vulnerability described in GLSA-200501-09\n(xzgv: Multiple overflows)\n\n Multiple overflows have been found in the image processing code of\n xzgv, including an integer overflow in the PRF parsing code\n (CAN-2004-0994).\n \nImpact :\n\n An attacker could entice a user to open or browse a\n specially crafted image file, potentially resulting in the execution of\n arbitrary code with the rights of the user running xzgv.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2005-02-14T00:00:00", "title": "GLSA-200501-09 : xzgv: Multiple overflows", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0994"], "modified": "2005-02-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xzgv"], "id": "GENTOO_GLSA-200501-09.NASL", "href": "https://www.tenable.com/plugins/nessus/16400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200501-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16400);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0994\");\n script_xref(name:\"GLSA\", value:\"200501-09\");\n\n script_name(english:\"GLSA-200501-09 : xzgv: Multiple overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200501-09\n(xzgv: Multiple overflows)\n\n Multiple overflows have been found in the image processing code of\n xzgv, including an integer overflow in the PRF parsing code\n (CAN-2004-0994).\n \nImpact :\n\n An attacker could entice a user to open or browse a\n specially crafted image file, potentially resulting in the execution of\n arbitrary code with the rights of the user running xzgv.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=true\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?344a1818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200501-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xzgv users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/xzgv-0.8-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xzgv\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/xzgv\", unaffected:make_list(\"ge 0.8-r1\"), vulnerable:make_list(\"le 0.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xzgv\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:40:40", "description": "infamous41md reports :\n\nzgv uses malloc() frequently to allocate memory for storing image\ndata. When calculating how much to allocate, user-supplied data from\nimage headers is multiplied and/or added without any checks for\narithmetic overflows. We can overflow numerous calculations, and cause\nsmall buffers to be allocated. Then we can overflow the buffer, and\neventually execute code. 
There are a total of 11 overflows that are\nexploitable to execute arbitrary code.\n\nThese bugs exist in both zgv and xzgv.", "edition": 25, "published": "2005-07-13T00:00:00", "title": "FreeBSD : zgv -- exploitable heap overflows (249a8c42-6973-11d9-ae49-000c41e2cdad)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0994"], "modified": "2005-07-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:xzgv", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:zgv"], "id": "FREEBSD_PKG_249A8C42697311D9AE49000C41E2CDAD.NASL", "href": "https://www.tenable.com/plugins/nessus/18873", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18873);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0994\");\n\n script_name(english:\"FreeBSD : zgv -- exploitable heap overflows (249a8c42-6973-11d9-ae49-000c41e2cdad)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"infamous41md reports :\n\nzgv uses malloc() frequently to allocate memory for storing image\ndata. When calculating how much to allocate, user-supplied data from\nimage headers is multiplied and/or added without any checks for\narithmetic overflows. We can overflow numerous calculations, and cause\nsmall buffers to be allocated. Then we can overflow the buffer, and\neventually execute code. 
There are a total of 11 overflows that are\nexploitable to execute arbitrary code.\n\nThese bugs exist in both zgv and xzgv.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=109886210702781\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=109886210702781\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=109898111915661\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=109898111915661\"\n );\n # http://rus.members.beeb.net/xzgv.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ff8096ed\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.svgalib.org/rus/zgv/\"\n );\n # http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=false\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?344a1818\"\n );\n # https://vuxml.freebsd.org/freebsd/249a8c42-6973-11d9-ae49-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c48dcc4d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xzgv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zgv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"zgv<5.8_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"xzgv<0.8_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T10:03:09", "description": "Luke 'infamous41md' discovered multiple vulnerabilities in xzgv, a\npicture viewer for X11 with a thumbnail-based selector. Remote\nexploitation of an integer overflow vulnerability could allow the\nexecution of arbitrary code.", "edition": 26, "published": "2004-12-21T00:00:00", "title": "Debian DSA-614-1 : xzgv - integer overflows", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1095", "CVE-2004-0994"], "modified": "2004-12-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xzgv", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-614.NASL", "href": "https://www.tenable.com/plugins/nessus/16020", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-614. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16020);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0994\", \"CVE-2004-1095\");\n script_xref(name:\"DSA\", value:\"614\");\n\n script_name(english:\"Debian DSA-614-1 : xzgv - integer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Luke 'infamous41md' discovered multiple vulnerabilities in xzgv, a\npicture viewer for X11 with a thumbnail-based selector. Remote\nexploitation of an integer overflow vulnerability could allow the\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-614\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xzgv package immediately.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.7-6woody2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xzgv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/12/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 
Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"xzgv\", reference:\"0.7-6woody2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0994"], "description": "\ninfamous41md reports:\n\nzgv uses malloc() frequently to allocate memory for storing\n\t image data. When calculating how much to allocate, user\n\t supplied data from image headers is multiplied and/or added\n\t without any checks for arithmetic overflows. We can\n\t overflow numerous calculations, and cause small buffers to\n\t be allocated. Then we can overflow the buffer, and\n\t eventually execute code. There are a total of\n\t 11 overflows that are exploitable to execute arbitrary\n\t code.\n\nThese bugs exist in both zgv and xzgv.\n", "edition": 4, "modified": "2005-01-21T00:00:00", "published": "2004-10-26T00:00:00", "id": "249A8C42-6973-11D9-AE49-000C41E2CDAD", "href": "https://vuxml.freebsd.org/freebsd/249a8c42-6973-11d9-ae49-000c41e2cdad.html", "title": "zgv -- exploitable heap overflows", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}