ISS X-Force Database: xzgv-readprffile-bo(18454): xzgv read_prf

xzgv read_prf_file integer overflow

xzgv-readprffile-bo (18454)

High Risk

Description:

xzgv is vulnerable to an integer overflow in the read_prf_file method. By creating a specially-crafted image file, a remote attacker could cause the program to crash or possibly execute arbitrary code on the system, once the victim uses xzgv to process the file.

Platforms Affected:

Debian, Debian Linux 3.0
Debian, Debian Linux
FreeBSD, FreeBSD
Gentoo, Linux
SuSE, SuSE Linux
xzgv, xzgv

Remedy:

Apply the xzgv-0.8-integer-overflow-fix.diff patch, as listed in iDEFENSE Security Advisory 12.13.04. See References.

For Debian GNU LInux 3.0 (woody):
Upgrade to the latest version of xzgv (0.7-6woody2 or later), as listed in DSA-614-1. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2005-01-09 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

iDEFENSE Security Advisory 12.13.04, Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability at http://www.idefense.com/application/poi/display?id=160&type=vulnerabilit&flashstatus=true.
xzgv Web page, xzgv at http://rus.members.beeb.net/xzgv.html.
CVE-2004-0994: Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
DSA-614: xzgv -- integer overflows
GLSA-200501-09: xzgv: Multiple overflows

Reported:

Dec 13, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page