XV Planetary Data System Image Decoder Format String Vulnerability
BID:13245
Info
XV Planetary Data System Image Decoder Format String Vulnerability
| Bugtraq ID: | 13245 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2005 12:00AM |
| Updated: | Apr 19 2005 12:00AM |
| Credit: | Tavis Ormandy is credited with the discovery of these issues. |
| Vulnerable: |
John Bradley XV 3.10 a |
| Not Vulnerable: | |
Discussion
XV Planetary Data System Image Decoder Format String Vulnerability
A remote, client-side format string vulnerability affects xv. This issue is due to a failure of the application to securely implement a formatted printing function.
An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that activated the vulnerable utility.
A remote, client-side format string vulnerability affects xv. This issue is due to a failure of the application to securely implement a formatted printing function.
An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that activated the vulnerable utility.
Exploit / POC
XV Planetary Data System Image Decoder Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
XV Planetary Data System Image Decoder Format String Vulnerability
Solution:
Gentoo Linux has released advisory GLSA 200504-17 dealing with this and other issues. Gentoo advises that all XV users should upgrade to the latest version by executing the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"
For more information, please see the referenced Gentoo Linux advisory.
Solution:
Gentoo Linux has released advisory GLSA 200504-17 dealing with this and other issues. Gentoo advises that all XV users should upgrade to the latest version by executing the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r11"
For more information, please see the referenced Gentoo Linux advisory.
References
XV Planetary Data System Image Decoder Format String Vulnerability
References:
References:
- XV Homepage (John Bradley)