The version of xloadimage (a graphics files viewer for X) that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone into viewing a specially crafted image using xloadimage which would allow them to execute arbitrary code. This problem was fixed in version 4.1-5potato1.
xloadimage
(a graphics files viewer for X) that was
shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that
handles FACES format images. This could be exploited by an attacker by
tricking someone into viewing a specially crafted image using xloadimage
which would allow them to execute arbitrary code.
This problem was fixed in version 4.1-5potato1.
MD5 checksums of the listed files are available in the original advisory.