xv image buffer overflow
| xv-image-bo (17053) |  High Risk |
Description:
xv is vulnerable to a buffer overflow. By creating a specially-crafted image file, a remote attacker could overflow a buffer and execute arbitrary code on the system, once the file is viewed or possibly cause a denial of service. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or by sending it to a victim as an email.
Note: It is reported that GwenView, IrfanView versions 3.0.7 and 3.95 and ImageMagick versions 5.33 to 6.2 are also vulnerable to this vulnerability. See References.
Consequences:
Gain Access
Remedy:
No remedy available as of September 4, 2010.
References:
- BugTraq Mailing List, Apr 11 2005 4:21PM: XV multiple buffer overflows (update).
- BugTraq Mailing List, Fri Aug 20 2004 - 02:26:05 CDT : XV multiple buffer overflows, exploit included.
- ImageMagick Web site: Introduction to ImageMagick.
- Irfanview Web site: IRFANVIEW.
- BID-10985: XV Multiple Buffer Overflow and Integer Handling Vulnerabilities
- BID-13099: IrfanView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities
- BID-13100: ImageMagick Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities
- CVE-2004-1725: Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file.
- CVE-2004-1726: Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
Platforms Affected:
- GwenView GwenView
- ImageMagick ImageMagick 5.3.3 to 6.2
- Irfanview IrfanView 3.0.7
- Irfanview IrfanView 3.95
- John's World of XV and Other Stuff xv 3.10a
Reported:
Aug 20, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net