xzgv read_prf_file integer overflow

xzgv-readprffile-bo (18454) The risk level is classified as HighHigh Risk

Description:

xzgv is vulnerable to an integer overflow in the read_prf_file method. By creating a specially-crafted image file, a remote attacker could cause the program to crash or possibly execute arbitrary code on the system, once the victim uses xzgv to process the file.


Consequences:

Gain Access

Remedy:

Apply the xzgv-0.8-integer-overflow-fix.diff patch, as listed in iDEFENSE Security Advisory 12.13.04. See References.

For Debian GNU LInux 3.0 (woody):
Upgrade to the latest version of xzgv (0.7-6woody2 or later), as listed in DSA-614-1. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2005-01-09 for patch, upgrade, or suggested workaround information. See References.

References:

  • iDEFENSE Security Advisory 12.13.04: Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability .
  • xzgv Web page: xzgv.
  • CVE-2004-0994: Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
  • DSA-614: xzgv -- integer overflows
  • GLSA-200501-09: xzgv: Multiple overflows

Platforms Affected:

  • Debian Debian Linux 3.0
  • Debian Debian Linux
  • FreeBSD FreeBSD
  • Gentoo Linux
  • SUSE SuSE Linux
  • xzgv xzgv

Reported:

Dec 13, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page