From 04553960c7cc52349fb0b823f6db37eb9acd50e9 Mon Sep 17 00:00:00 2001 From: nectar Date: Tue, 5 Oct 2004 12:52:57 +0000 Subject: Note that xv should not be used. Approved by: portmgr --- security/vuxml/vuln.xml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'security/vuxml/vuln.xml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 7981f09b76e6..3335ee8d760f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,46 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + xv -- exploitable buffer overflows + + + xv + xv-m17n + 0 + + + + +

In a Bugtraq posting, infamous41md(at)hotpop.com reported:

+
+

there are at least 5 exploitable buffer and heap + overflows in the image handling code. this allows someone + to craft a malicious image, trick a user into viewing the + file in xv, and upon viewing that image execute arbitrary + code under privileges of the user viewing image. note + the AT LEAST part of the above sentence. there is such a + plethora of bad code that I just stopped reading after + a while. there are at least 100 calls to sprintf() and + strcpy() with no regards for bounds of buffers. 95% of + these deal with program arguments or filenames, so they + are of no interest to exploit. however I just got sick of + reading this code after not too long. so im sure there are + still other overflows in the image handling code for other + image types.

+
+

The posting also included an exploit.

+ +
+ + http://marc.theaimsgroup.com/?l=bugtraq&m=109302498125092 + + + 2004-08-20 + 2004-10-05 + +
+ getmail -- symlink vulnerability during maildir delivery -- cgit
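Review bot: The only version bound visible under the xv and xv-m17n package names is 0, so the entry flags every version of both ports, yet the description text never says that no fixed version exists. The "should not be used" intent appears only in the commit subject, which users reading the entry will not see. Consider adding a sentence after "The posting also included an exploit." stating that all versions are affected and no fix is available, so the match-everything range reads as deliberate. The references section also carries only the Bugtraq archive URL; if a CVE name or Bugtraq ID has been assigned to this report, add it alongside the URL so the entry can be cross-referenced.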