xv Multiple Unspecified Decoder Input Validation Issues

2005-04-19T07:24:37
ID OSVDB:15677
Type osvdb
Reporter Greg Roelofs(newt@pobos.com)
Modified 2005-04-19T07:24:37

Description

Vulnerability Description

XV contains multiple unspecified flaws that may allow a malicious user to execute arbitrary code. The issue is triggered by failure of the application to properly sanitize input prior to using it to carry out critical functions resulting in a loss of integrity.

Solution Description

Gentoo users can upgrade to version 3.10a-r11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

XV contains multiple unspecified flaws that may allow a malicious user to execute arbitrary code. The issue is triggered by failure of the application to properly sanitize input prior to using it to carry out critical functions resulting in a loss of integrity.

References:

Vendor URL: http://www.trilon.com/xv/ Vendor Specific Advisory URL Secunia Advisory ID:14977 Secunia Advisory ID:14998 Related OSVDB ID: 15679 Related OSVDB ID: 15680 Related OSVDB ID: 15681 Related OSVDB ID: 15678 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200504-17.xml Other Advisory URL: http://www.niscc.gov.uk/niscc/docs/br-20050419-00329.html?lang=en Bugtraq ID: 13243