GLSA-200411-12 : zgv: Multiple buffer overflows
Critical Nessus Plugin ID 15646
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200411-12 (zgv: Multiple buffer overflows)
Multiple arithmetic overflows have been detected in the image processing code of zgv.
An attacker could entice a user to open a specially crafted image file, potentially resulting in execution of arbitrary code with the rights of the user running zgv.
There is no known workaround at this time.
Solution
All zgv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-gfx/zgv-5.8'