XV Planetary Data System Image Decoder Unspecified Input Validation Vulnerability
BID:13244
Info
XV Planetary Data System Image Decoder Unspecified Input Validation Vulnerability
| Bugtraq ID: | 13244 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2005 12:00AM |
| Updated: | Apr 19 2005 12:00AM |
| Credit: | Tavis Ormandy is credited with the discovery of these issues. |
| Vulnerable: |
John Bradley XV 3.10 a |
| Not Vulnerable: | |
Discussion
XV Planetary Data System Image Decoder Unspecified Input Validation Vulnerability
An unspecified input validation vulnerability affects xv. This issues is due to a failure of the application to properly sanitize input prior to using it to carry out critical functions.
Although unconfirmed, it is likely that these issues may be exploited to cause the affected application to crash, and potentially execute arbitrary commands or machine code. This BID will be updated with the release of further details.
Reportedly this issue is distinct from those outlined in BID 13243 (XV Image Decoders Multiple Unspecified Input Validation Vulnerabilities).
An unspecified input validation vulnerability affects xv. This issues is due to a failure of the application to properly sanitize input prior to using it to carry out critical functions.
Although unconfirmed, it is likely that these issues may be exploited to cause the affected application to crash, and potentially execute arbitrary commands or machine code. This BID will be updated with the release of further details.
Reportedly this issue is distinct from those outlined in BID 13243 (XV Image Decoders Multiple Unspecified Input Validation Vulnerabilities).
Exploit / POC
XV Planetary Data System Image Decoder Unspecified Input Validation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
XV Planetary Data System Image Decoder Unspecified Input Validation Vulnerability
Solution:
Gentoo Linux has released advisory GLSA 200504-17 dealing with this and other issues. Gentoo advises that all XV users should upgrade to the latest version by executing the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"
For more information, please see the referenced Gentoo Linux advisory.
Solution:
Gentoo Linux has released advisory GLSA 200504-17 dealing with this and other issues. Gentoo advises that all XV users should upgrade to the latest version by executing the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"
For more information, please see the referenced Gentoo Linux advisory.
References
XV Planetary Data System Image Decoder Unspecified Input Validation Vulnerability
References:
References:
- XV Homepage (John Bradley)