Search...

Debian Security Advisory DSA 1038-1 (xzgv)

2008-01-17T00:00:00

ID OPENVAS:56659
Type openvas
Reporter Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-07T00:00:00

Description

The remote host is missing an update to xzgv announced via advisory DSA 1038-1.

Andrea Barisani discovered that xzgv, a picture viewer for X with a thumbnail-based selector, attempts to decode JPEG images within the CMYK/YCCK colour space incorrectly, which could lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in version 0.7-6woody3.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_1038_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 1038-1
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_solution = "For the stable distribution (sarge) this problem has been fixed in
version 0.8-3sarge1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xzgv package.

 https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201038-1";
tag_summary = "The remote host is missing an update to xzgv
announced via advisory DSA 1038-1.

Andrea Barisani discovered that xzgv, a picture viewer for X with a
thumbnail-based selector, attempts to decode JPEG images within the
CMYK/YCCK colour space incorrectly, which could lead to the execution
of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 0.7-6woody3.";


if(description)
{
 script_id(56659);
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)");
 script_bugtraq_id(17409);
 script_cve_id("CVE-2006-1060");
 script_tag(name:"cvss_base", value:"7.5");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_name("Debian Security Advisory DSA 1038-1 (xzgv)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"xzgv", ver:"0.7-6woody3", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"xzgv", ver:"0.8-3sarge1", rls:"DEB3.1")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:56659", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1038-1 (xzgv)", "description": "The remote host is missing an update to xzgv\nannounced via advisory DSA 1038-1.\n\nAndrea Barisani discovered that xzgv, a picture viewer for X with a\nthumbnail-based selector, attempts to decode JPEG images within the\nCMYK/YCCK colour space incorrectly, which could lead to the execution\nof arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.7-6woody3.", "published": "2008-01-17T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56659", "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2006-1060"], "lastseen": "2017-07-24T12:50:03", "viewCount": 0, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-07-24T12:50:03", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1060"]}, {"type": "openvas", "idList": ["OPENVAS:56625", "OPENVAS:56627", "OPENVAS:56654"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1037-1:0825A", "DEBIAN:DSA-1038-1:AB0DC"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1037.NASL", "GENTOO_GLSA-200604-10.NASL", "FREEBSD_PKG_A813A219D2D411DAA672000E0C2E438A.NASL", "DEBIAN_DSA-1038.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:24513"]}, {"type": "freebsd", "idList": ["A813A219-D2D4-11DA-A672-000E0C2E438A"]}, {"type": "gentoo", "idList": ["GLSA-200604-10"]}], "modified": "2017-07-24T12:50:03", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "56659", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1038_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1038-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 0.8-3sarge1.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your xzgv package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201038-1\";\ntag_summary = \"The remote host is missing an update to xzgv\nannounced via advisory DSA 1038-1.\n\nAndrea Barisani discovered that xzgv, a picture viewer for X with a\nthumbnail-based selector, attempts to decode JPEG images within the\nCMYK/YCCK colour space incorrectly, which could lead to the execution\nof arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.7-6woody3.\";\n\n\nif(description)\n{\n script_id(56659);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(17409);\n script_cve_id(\"CVE-2006-1060\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1038-1 (xzgv)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xzgv\", ver:\"0.7-6woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xzgv\", ver:\"0.8-3sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}

{"cve": [{"lastseen": "2020-12-09T19:23:44", "description": "Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required.", "edition": 5, "cvss3": {}, "published": "2006-04-11T10:02:00", "title": "CVE-2006-1060", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-1060"], "modified": "2017-07-20T01:30:00", "cpe": ["cpe:/a:xzgv:xzgv:0.8"], "id": "CVE-2006-1060", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1060", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xzgv:xzgv:0.8:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-1060"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006_08_sr.html)\n[Secunia Advisory ID:19572](https://secuniaresearch.flexerasoftware.com/advisories/19572/)\n[Secunia Advisory ID:19571](https://secuniaresearch.flexerasoftware.com/advisories/19571/)\n[Secunia Advisory ID:19731](https://secuniaresearch.flexerasoftware.com/advisories/19731/)\n[Secunia Advisory ID:19779](https://secuniaresearch.flexerasoftware.com/advisories/19779/)\n[Secunia Advisory ID:19790](https://secuniaresearch.flexerasoftware.com/advisories/19790/)\n[Secunia Advisory ID:19757](https://secuniaresearch.flexerasoftware.com/advisories/19757/)\nOther Advisory URL: http://www.debian.org/security/2006/dsa-1038\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1037\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml\nFrSIRT Advisory: ADV-2006-1288\n[CVE-2006-1060](https://vulners.com/cve/CVE-2006-1060)\nBugtraq ID: 17409\n", "modified": "2006-04-07T06:17:38", "published": "2006-04-07T06:17:38", "href": "https://vulners.com/osvdb/OSVDB:24513", "id": "OSVDB:24513", "type": "osvdb", "title": "zgv / xzgv JPEG CMYK/YCCK color space Image Parsing Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1060"], "description": "The remote host is missing an update to zgv\nannounced via advisory DSA 1037-1.\n\nAndrea Barisani discovered that zgv, an svgalib graphics viewer,\nattempts to decode JPEG images within the CMYK/YCCK colour space\nincorrectly, which could lead to the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 5.5-3woody3.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56625", "href": "http://plugins.openvas.org/nasl.php?oid=56625", "type": "openvas", "title": "Debian Security Advisory DSA 1037-1 (zgv)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1037_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1037-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 5.7-1.4.\n\nFor the unstable distribution (sid) this problem has been fixed soon.\n\n\nWe recommend that you upgrade your zgv package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201037-1\";\ntag_summary = \"The remote host is missing an update to zgv\nannounced via advisory DSA 1037-1.\n\nAndrea Barisani discovered that zgv, an svgalib graphics viewer,\nattempts to decode JPEG images within the CMYK/YCCK colour space\nincorrectly, which could lead to the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 5.5-3woody3.\";\n\n\nif(description)\n{\n script_id(56625);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(17409);\n script_cve_id(\"CVE-2006-1060\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1037-1 (zgv)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"zgv\", ver:\"5.5-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"zgv\", ver:\"5.7-1.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1060"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-10-05T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:56654", "href": "http://plugins.openvas.org/nasl.php?oid=56654", "type": "openvas", "title": "FreeBSD Ports: zgv", "sourceData": "#\n#VID a813a219-d2d4-11da-a672-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n zgv\n xzgv\n\nCVE-2006-1060\nHeap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might\nallow user-complicit attackers to execute arbitrary code via a JPEG\nimage with more than 3 output components, such as a CMYK or YCCK color\nspace, which causes less memory to be allocated than required.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.gentoo.org/security/en/glsa/glsa-200604-10.xml\nhttp://www.vuxml.org/freebsd/a813a219-d2d4-11da-a672-000e0c2e438a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56654);\n script_version(\"$Revision: 4218 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-05 16:20:48 +0200 (Wed, 05 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-1060\");\n script_bugtraq_id(17409);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: zgv\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"zgv\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package zgv version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"xzgv\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package xzgv version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1060"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200604-10.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:56627", "href": "http://plugins.openvas.org/nasl.php?oid=56627", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200604-10 (xzgv)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK colour\nspace incorrectly, potentially resulting in the execution of arbitrary\ncode.\";\ntag_solution = \"All xzgv users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/xzgv-0.8-r2'\n\nAll zgv users should also upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/zgv-5.8'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200604-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=127008\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200604-10.\";\n\n \n\nif(description)\n{\n script_id(56627);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(17409);\n script_cve_id(\"CVE-2006-1060\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200604-10 (xzgv)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/xzgv\", unaffected: make_list(\"ge 0.8-r2\"), vulnerable: make_list(\"lt 0.8-r2\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-gfx/zgv\", unaffected: make_list(\"ge 5.8\"), vulnerable: make_list(\"lt 5.8\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1060"], "description": "\nGentoo reports:\n\nAndrea Barisani of Gentoo Linux discovered xzgv and zgv\n\t allocate insufficient memory when rendering images with\n\t more than 3 output components, such as images using the\n\t YCCK or CMYK colour space.\tWhen xzgv or zgv attempt to\n\t render the image, data from the image overruns a heap\n\t allocated buffer.\nAn attacker may be able to construct a malicious image that\n\t executes arbitrary code with the permissions of the xzgv or\n\t zgv user when attempting to render the image.\n\n", "edition": 4, "modified": "2010-03-22T00:00:00", "published": "2006-04-21T00:00:00", "id": "A813A219-D2D4-11DA-A672-000E0C2E438A", "href": "https://vuxml.freebsd.org/freebsd/a813a219-d2d4-11da-a672-000e0c2e438a.html", "title": "zgv, xzgv -- heap overflow vulnerability", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1060"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1037-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 21st, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : zgv\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2006-1060\n\nAndrea Barisani discovered that zgv, an svgalib graphics viewer,\nattempts to decode JPEG images within the CMYK/YCCK colour space\nincorrectly, which could lead to the execution of arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 5.5-3woody3.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 5.7-1.4.\n\nFor the unstable distribution (sid) this problem has been fixed soon.\n\n\nWe recommend that you upgrade your zgv package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3.dsc\n Size/MD5 checksum: 603 17ee0337d957181e091a5ab098cab68f\n http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3.diff.gz\n Size/MD5 checksum: 9037 fdf06ee05dda8d8804e41c77e9061e75\n http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5.orig.tar.gz\n Size/MD5 checksum: 329235 629386a4df72f6ec007319bf12db1374\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3_i386.deb\n Size/MD5 checksum: 211964 bfb2b46ca2d2009f2577c7ee88fe3693\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4.dsc\n Size/MD5 checksum: 604 2ca8cd8b405de9c7e63f047878292b77\n http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4.diff.gz\n Size/MD5 checksum: 10353 f904838cdc843ca9928f416a5195bc4a\n http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7.orig.tar.gz\n Size/MD5 checksum: 384977 50f0127c250b6efe9c5f8850b96f3841\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4_i386.deb\n Size/MD5 checksum: 227920 9666a9563aee30e0a5123c6e8c9fa682\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2006-04-21T00:00:00", "published": "2006-04-21T00:00:00", "id": "DEBIAN:DSA-1037-1:0825A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00121.html", "title": "[SECURITY] [DSA 1037-1] New zgv packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:29", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1060"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1038-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 22nd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xzgv\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2006-1060\n\nAndrea Barisani discovered that xzgv, a picture viewer for X with a\nthumbnail-based selector, attempts to decode JPEG images within the\nCMYK/YCCK colour space incorrectly, which could lead to the execution\nof arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.7-6woody3.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.8-3sarge1.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your xzgv package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3.dsc\n Size/MD5 checksum: 581 1a95ff78280e98e448b19807e6dacd14\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3.diff.gz\n Size/MD5 checksum: 7188 3af533cd6791a61c35cac448cdf7bd86\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7.orig.tar.gz\n Size/MD5 checksum: 296814 9a376cc01cf486a2a8901fbc8b040d29\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_alpha.deb\n Size/MD5 checksum: 199802 8d2c31ecea7c0821a463930a795e4363\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_arm.deb\n Size/MD5 checksum: 187280 3e9a89fcb5bca1c3b0cd5afa88b0a628\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_i386.deb\n Size/MD5 checksum: 185464 60cc2843ea8611650074c3b6247c9a68\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_ia64.deb\n Size/MD5 checksum: 220106 81b23a2fef7ea3c0d1e45d531494acce\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_hppa.deb\n Size/MD5 checksum: 195672 de3c3a653cee6c8a810554179e07dc22\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_m68k.deb\n Size/MD5 checksum: 181774 8a51dbe9d11e85c1a50831c2035c1a0d\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_mips.deb\n Size/MD5 checksum: 188680 10ff84344193db70d24e438f48554fc6\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_mipsel.deb\n Size/MD5 checksum: 187718 5ba8e5fa9b7e2b54cb1f11f867431ee5\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_powerpc.deb\n Size/MD5 checksum: 189770 909d2af6f68d5d7c49ecbacd2b187293\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_s390.deb\n Size/MD5 checksum: 189282 22d9c8dad8cf2a577fca2a208e9ed745\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_sparc.deb\n Size/MD5 checksum: 189208 5daa878f409a61f2ea519ac8d1ca5730\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1.dsc\n Size/MD5 checksum: 642 ae7ee0519ba25087b0dbd809a5a1db43\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1.diff.gz\n Size/MD5 checksum: 8762 2f40bca80610715c3a48c7cd68733cc4\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8.orig.tar.gz\n Size/MD5 checksum: 302801 e392277f1447076402df2e3d9e782cb2\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_alpha.deb\n Size/MD5 checksum: 210012 6938839b55f3a36a3732a9743ae1a7df\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_amd64.deb\n Size/MD5 checksum: 201782 6b4d5abca89ec0dd92e2f34dd21a51e8\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_arm.deb\n Size/MD5 checksum: 194364 a80549d3f3f2e05ad37b45ff087d19c6\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_i386.deb\n Size/MD5 checksum: 195816 69b8d384068d9fc7061997c63bd3075e\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_ia64.deb\n Size/MD5 checksum: 223934 eb187eba5a5aa8bada015cab8d50bde1\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_hppa.deb\n Size/MD5 checksum: 202856 931a992b298cc192afcd164f2c379148\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_m68k.deb\n Size/MD5 checksum: 189288 61005b854fabb24ee582d66644e39e73\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_mips.deb\n Size/MD5 checksum: 196818 a3ccaeb5207c03483ab2073134afff84\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_mipsel.deb\n Size/MD5 checksum: 195800 7d63b90f48fda8dc6004ebd65f2b280c\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_powerpc.deb\n Size/MD5 checksum: 198764 ad327072b62b9901450585abd7d687a0\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_s390.deb\n Size/MD5 checksum: 200516 4a1a716179571f70adb1fa1685b374a6\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_sparc.deb\n Size/MD5 checksum: 195544 cc23e85b70d38954c3d0e92cc209e2dc\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2006-04-22T00:00:00", "published": "2006-04-22T00:00:00", "id": "DEBIAN:DSA-1038-1:AB0DC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00122.html", "title": "[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1060"], "edition": 1, "description": "### Background\n\nxzgv and zgv are picture viewing utilities with a thumbnail based file selector. \n\n### Description\n\nAndrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer. \n\n### Impact\n\nAn attacker may be able to construct a malicious image that executes arbitrary code with the permissions of the xzgv or zgv user when attempting to render the image. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xzgv users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/xzgv-0.8-r2\"\n\nAll zgv users should also upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/zgv-5.9\"", "modified": "2006-06-10T00:00:00", "published": "2006-04-21T00:00:00", "id": "GLSA-200604-10", "href": "https://security.gentoo.org/glsa/200604-10", "type": "gentoo", "title": "zgv, xzgv: Heap overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-06T09:44:32", "description": "Andrea Barisani discovered that xzgv, a picture viewer for X with a\nthumbnail-based selector, attempts to decode JPEG images within the\nCMYK/YCCK colour space incorrectly, which could lead to the execution\nof arbitrary code.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1038-1 : xzgv - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1060"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xzgv", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-1038.NASL", "href": "https://www.tenable.com/plugins/nessus/22580", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1038. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22580);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-1060\");\n script_xref(name:\"DSA\", value:\"1038\");\n\n script_name(english:\"Debian DSA-1038-1 : xzgv - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrea Barisani discovered that xzgv, a picture viewer for X with a\nthumbnail-based selector, attempts to decode JPEG images within the\nCMYK/YCCK colour space incorrectly, which could lead to the execution\nof arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1038\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xzgv package.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.7-6woody3.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.8-3sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xzgv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"xzgv\", reference:\"0.7-6woody3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"xzgv\", reference:\"0.8-3sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:02", "description": "The remote host is affected by the vulnerability described in GLSA-200604-10\n(zgv, xzgv: Heap overflow)\n\n Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate\n insufficient memory when rendering images with more than 3 output\n components, such as images using the YCCK or CMYK colour space. When\n xzgv or zgv attempt to render the image, data from the image overruns a\n heap allocated buffer.\n \nImpact :\n\n An attacker may be able to construct a malicious image that executes\n arbitrary code with the permissions of the xzgv or zgv user when\n attempting to render the image.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-04-21T00:00:00", "title": "GLSA-200604-10 : zgv, xzgv: Heap overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1060"], "modified": "2006-04-21T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:zgv", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xzgv"], "id": "GENTOO_GLSA-200604-10.NASL", "href": "https://www.tenable.com/plugins/nessus/21256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200604-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21256);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1060\");\n script_xref(name:\"GLSA\", value:\"200604-10\");\n\n script_name(english:\"GLSA-200604-10 : zgv, xzgv: Heap overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200604-10\n(zgv, xzgv: Heap overflow)\n\n Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate\n insufficient memory when rendering images with more than 3 output\n components, such as images using the YCCK or CMYK colour space. When\n xzgv or zgv attempt to render the image, data from the image overruns a\n heap allocated buffer.\n \nImpact :\n\n An attacker may be able to construct a malicious image that executes\n arbitrary code with the permissions of the xzgv or zgv user when\n attempting to render the image.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.svgalib.org/rus/zgv/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200604-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xzgv users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/xzgv-0.8-r2'\n All zgv users should also upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/zgv-5.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xzgv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:zgv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/zgv\", unaffected:make_list(\"ge 5.9\"), vulnerable:make_list(\"lt 5.9\"))) flag++;\nif (qpkg_check(package:\"media-gfx/xzgv\", unaffected:make_list(\"ge 0.8-r2\"), vulnerable:make_list(\"lt 0.8-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zgv / xzgv\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:48:56", "description": "Gentoo reports :\n\nAndrea Barisani of Gentoo Linux discovered xzgv and zgv allocate\ninsufficient memory when rendering images with more than 3 output\ncomponents, such as images using the YCCK or CMYK colour space. When\nxzgv or zgv attempt to render the image, data from the image overruns\na heap allocated buffer.\n\nAn attacker may be able to construct a malicious image that executes\narbitrary code with the permissions of the xzgv or zgv user when\nattempting to render the image.", "edition": 25, "published": "2006-10-10T00:00:00", "title": "FreeBSD : zgv, xzgv -- heap overflow vulnerability (a813a219-d2d4-11da-a672-000e0c2e438a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1060"], "modified": "2006-10-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:xzgv", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:zgv"], "id": "FREEBSD_PKG_A813A219D2D411DAA672000E0C2E438A.NASL", "href": "https://www.tenable.com/plugins/nessus/22518", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22518);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1060\");\n script_bugtraq_id(17409);\n\n script_name(english:\"FreeBSD : zgv, xzgv -- heap overflow vulnerability (a813a219-d2d4-11da-a672-000e0c2e438a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gentoo reports :\n\nAndrea Barisani of Gentoo Linux discovered xzgv and zgv allocate\ninsufficient memory when rendering images with more than 3 output\ncomponents, such as images using the YCCK or CMYK colour space. When\nxzgv or zgv attempt to render the image, data from the image overruns\na heap allocated buffer.\n\nAn attacker may be able to construct a malicious image that executes\narbitrary code with the permissions of the xzgv or zgv user when\nattempting to render the image.\"\n );\n # http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200604-10\"\n );\n # https://vuxml.freebsd.org/freebsd/a813a219-d2d4-11da-a672-000e0c2e438a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd52fc98\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xzgv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zgv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"zgv<5.9_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"xzgv<0.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:32", "description": "Andrea Barisani discovered that zgv, an svgalib graphics viewer,\nattempts to decode JPEG images within the CMYK/YCCK colour space\nincorrectly, which could lead to the execution of arbitrary code.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1037-1 : zgv - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1060"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:zgv", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-1037.NASL", "href": "https://www.tenable.com/plugins/nessus/22579", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1037. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22579);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-1060\");\n script_xref(name:\"DSA\", value:\"1037\");\n\n script_name(english:\"Debian DSA-1037-1 : zgv - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrea Barisani discovered that zgv, an svgalib graphics viewer,\nattempts to decode JPEG images within the CMYK/YCCK colour space\nincorrectly, which could lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1037\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the zgv package.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 5.5-3woody3.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 5.7-1.4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zgv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"zgv\", reference:\"5.5-3woody3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"zgv\", reference:\"5.7-1.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}