xzgv GIF Image Parsing Overflow

2002-03-03T00:00:00
ID OSVDB:11228
Type osvdb
Reporter Russell Marks (russell.marks@ntlworld.com)
Modified 2002-03-03T00:00:00

Description

Vulnerability Description

A remote overflow exists in xzgv. xzgv fails to perform proper boundary checking in the readgif.c outputstring function, resulting in a stack overflow. With a specially crafted GIF file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 0.80 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://rus.members.beeb.net/xzgv.html