Several vulnerabilities have been discovered in zgv, an SVGAlib
graphics viewer for the i386 architecture. The Common Vulnerabilities
and Exposures Project identifies the following problems:
CAN-2004-1095
“infamous41md” discovered multiple
integer overflows in zgv. Remote exploitation of an integer
overflow vulnerability could allow the execution of arbitrary
code.
CAN-2004-0999
Mikulas Patocka discovered that malicious multiple-image (e.g.
animated) GIF images can cause a segmentation fault in zgv.
For the stable distribution (woody) these problems have been fixed in
version 5.5-3woody1.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your zgv package immediately.