Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200504-17] XV: Multiple vulnerabilities

Vulnerability Assessment Details

[GLSA-200504-17] XV: Multiple vulnerabilities

Vulnerability Assessment Summary
XV: Multiple vulnerabilities

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200504-17
(XV: Multiple vulnerabilities)

Greg Roelofs has reported multiple input validation errors in XV
image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team
has reported insufficient validation in the PDS (Planetary Data System)
image decoder, format string vulnerabilities in the TIFF and PDS
decoders, and insufficient protection from shell meta-characters in
malformed filenames.


Successful exploitation would require a victim to view a specially
created image file using XV, potentially resulting in the execution of
arbitrary code.


There is no known workaround at this time.

All XV users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"

Network Security Threat Level: Medium

Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi

Cables, Connectors

654540-001 SAS/SATA/SSD 2.5" to 3.5" Drive Adapter FOR HP 651314-001 F238F tray
654540-001 SAS/SATA/SSD 2.5SUPER TALENT DuraDrive AT7 64GB 2.5 inch SATA3 Solid State Drive (MLC) / FTM0...
SUPER TALENT DuraDrive AT7 64GB 2.5 inch SATA3 Solid State Drive (MLC) / FTM0... pictureHP 583510-001 80GB 1.8" uSATA SSD Intel Hard Drive tested in working condition
HP 583510-001 80GB 1.8Kingston 480 GB 2.5" Internal Solid State Drive
Kingston 480 GB 2.5


No Discussions have been posted on this vulnerability.