FreeBSD : xv -- filename handling format string vulnerability (a4bd3039-9a48-11d9-a256-0001020eed82)
Medium Nessus Plugin ID 19060
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA Gentoo Linux Security Advisory reports :
Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv.
Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary code.
SolutionUpdate the affected packages.