XV Image Decoders Multiple Unspecified Input Validation Vulnerabilities
BID:13243
Info
| Bugtraq ID: | 13243 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2005 12:00AM |
| Updated: | Apr 19 2005 12:00AM |
| Credit: | Greg Roelofs is credited with the discovery of these issues. |
| Vulnerable: | John Bradley XV 3.10 a |
| Not Vulnerable: | |
Discussion
Multiple unspecified input validation vulnerabilities affect xv. These issues are due to a failure of the application to properly sanitize input prior to using it to carry out critical functions.
Although unconfirmed, it is likely that these issues may be exploited to cause the affected application to crash, and potentially execute arbitrary commands or machine code. This BID will be updated and potentially split into separate BIDs with the release of further details.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Gentoo Linux has released advisory GLSA 200504-17 dealing with this and other issues. Gentoo advises that all XV users should upgrade to the latest version by executing the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"
For more information, please see the referenced Gentoo Linux advisory.
Slackware Linux has released advisory SSA:2005-195-02, along with fixes to address various issues. Please see the referenced advisory for further information.
John Bradley XV 3.10 a
- Slackware 8.1: xv-3.10a-i386-4.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/xv-3.10a-i386-4.tgz
- Slackware 9.0: xv-3.10a-i386-4.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/xv-3.10a-i386-4.tgz
- Slackware 10.0: xv-3.10a-i486-4.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xv-3.10a-i486-4.tgz
- Slackware 10.1: xv-3.10a-i486-4.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xv-3.10a-i486-4.tgz
- Slackware 9.1: xv-3.10a-i486-4.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xv-3.10a-i486-4.tgz
- Slackware -current: xv-3.10a-i486-4.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xv-3.10a-i486-4.tgz
References
References:
- XV Homepage (John Bradley)