CVE-2006-1060

EPSS 2.3%

zgv - programming error

Published: 4/11/2006Modified: 4/28/2026

Also known as:DEBIAN-CVE-2006-1060

Description

Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required.

Affected packages (3)

Debian/xzgvfrom 0, < 0.8-5.1
Debian/xzgvfrom 0, < 0.7-6woody3
Debian/zgvfrom 0, < 5.5-3woody3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-1060