CVE-2006-1060

EPSS 2.3%

zgv - programming error

發布日:2006/4/11修改日:2026/4/28

也稱為:DEBIAN-CVE-2006-1060

描述

Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required.

受影響套件(3)

Debian/xzgvfrom 0, < 0.8-5.1
Debian/xzgvfrom 0, < 0.7-6woody3
Debian/zgvfrom 0, < 5.5-3woody3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-1060