xzgv PRF Image Processing Overflow

2004-10-25T20:07:17
ID OSVDB:11399
Type osvdb
Reporter infamous41md(infamous41md@hotpop.com)
Modified 2004-10-25T20:07:17

Description

Vulnerability Description

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from PRF image headers in readprf.c. Using a specially crafted PRF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Russell Marks has released a patch to address this vulnerability.

Short Description

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from PRF image headers in readprf.c. Using a specially crafted PRF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.

References:

Vendor URL: http://rus.members.beeb.net/xzgv.html Vendor Specific Solution URL: http://rus.members.beeb.net/xzgv-0.8-integer-overflow-fix.diff Secunia Advisory ID:12998 Related OSVDB ID: 11398 Related OSVDB ID: 11397 Related OSVDB ID: 11396 Related OSVDB ID: 11400 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0283.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0308.html