zgv contains multiple buffer overflows that can potentially lead to the execution of arbitrary code.
|Package||media-gfx/zgv on all architectures|
|Affected versions||< 5.8|
|Unaffected versions||>= 5.8|
zgv is a console image viewer based on svgalib.
Multiple arithmetic overflows have been detected in the image processing code of zgv.
An attacker could entice a user to open a specially-crafted image file, potentially resulting in execution of arbitrary code with the rights of the user running zgv.
There is no known workaround at this time.
All zgv users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8"
November 07, 2004
May 22, 2006: 02