FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zgv -- exploitable heap overflows

Affected packages
zgv < 5.8_1
xzgv < 0.8_2

Details

VuXML ID 249a8c42-6973-11d9-ae49-000c41e2cdad
Discovery 2004-10-26
Entry 2005-01-18
Modified 2005-01-21

infamous41md reports:

zgv uses malloc() frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small buffers to be allocated. Then we can overflow the buffer, and eventually execute code. There are a total of 11 overflows that are exploitable to execute arbitrary code.

These bugs exist in both zgv and xzgv.
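
The arithmetic problem described in the report, shown next to a checked size computation. This is an added illustration, not code from zgv or xzgv; the function names, the 256 MiB cap and the sample header values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on decoded image size (256 MiB); not a zgv constant. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* The unchecked pattern: header fields multiplied in 32-bit arithmetic.
 * The product wraps modulo 2^32, so a huge image can yield a tiny size. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form: every multiplication is guarded by a division test and the
 * result is bounded by the cap. Returns 0 and sets *out, or -1 to reject. */
static int checked_size(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if ((size_t)width > SIZE_MAX / height)
        return -1;
    size_t pixels = (size_t)width * height;
    if (pixels > MAX_IMAGE_BYTES / bpp)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Allocate a pixel buffer only when the size computation was accepted. */
static void *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    return checked_size(width, height, bpp, &n) == 0 ? malloc(n) : NULL;
}

int main(void)
{
    /* Constructed header values: 65536 x 65536 pixels, 3 bytes each. */
    size_t n;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(0x10000, 0x10000, 3));
    printf("checked:   %s\n", checked_size(0x10000, 0x10000, 3, &n) ? "rejected" : "ok");
    void *p = alloc_image(640, 480, 3);
    printf("640x480x3: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The cap matters on 64-bit builds, where size_t is wide enough that the product of 32-bit fields no longer wraps but can still be far larger than any legitimate image.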

References

CVE Name CVE-2004-0994
Message 20041025210717.2799d9c1.infamous41md@hotpop.com
Message 20041027233907.A3678@netdirect.ca
URL http://rus.members.beeb.net/xzgv.html
URL http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=false
URL http://www.svgalib.org/rus/zgv/