Gentoo Security Advisory GLSA 200707-06 (xnview) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200707-06.

Solution

No update appears to be forthcoming from the XnView developer and XnView is proprietary, so the XnView package has been masked in Portage. We recommend that users select an alternate graphics viewer and conversion utility, and unmerge XnView: # emerge --unmerge xnview http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200707-06 http://bugs.gentoo.org/show_bug.cgi?id=175670

Insight

XnView is vulnerable to a stack-based buffer overflow and possible remote code execution when handling XPM image files.

Severity

Classification

CVE CVE-2007-2194

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200409-09 (mit-krb5)
Gentoo Security Advisory GLSA 200408-13 (kde, kdebase, kdelibs)
Gentoo Security Advisory GLSA 200312-02 (Kernel)
Gentoo Security Advisory GLSA 200406-20 (Openswan)
Gentoo Security Advisory GLSA 200408-20 (Qt)

Take action and discover your vulnerabilities