Mandrake Linux Security Advisory : xloadimage (MDKSA-2001:073-1)
High Nessus Plugin ID 13888
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A buffer overflow exists in xli due to missing boundary checks. This could be triggered by an external attacker to execute commands on the victim's machine. An exploit is publicly available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and Sun-Raster images.
The xloadimage package uses the same code as xli and is likewise vulnerable. An update is provided for xloadimage, which was only provided with Linux-Mandrake 7.2.
Solution
Update the affected xli and / or xloadimage packages.