Summary
The remote host is missing updates announced in
advisory GLSA 200707-06.
Solution
No update appears to be forthcoming from the XnView developer and XnView is proprietary, so the XnView package has been masked in Portage. We recommend that users select an alternate graphics viewer and conversion utility, and unmerge XnView:
# emerge --unmerge xnview
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200707-06 http://bugs.gentoo.org/show_bug.cgi?id=175670
Insight
XnView is vulnerable to a stack-based buffer overflow and possible remote code execution when handling XPM image files.
Severity
Classification
-
CVE CVE-2007-2194 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities