Published: 18/10/2001 Updated: 20/05/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote malicious users to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xli xli 1.16
xli xli 1.17
xloadimage xloadimage 4.1

The version of xloadimage (a graphics files viewer for X) that was shipped in Debian GNU/Linux 22 has a buffer overflow in the code that handles FACES format images This could be exploited by an attacker by tricking someone into viewing a specially crafted image using xloadimage which would allow them to execute arbitrary code This problem was f ...

// source: wwwsecurityfocuscom/bid/3006/info // // xloadimage is a utility used for displaying images of varying formats on X11 servers // // xloadimage and possibly derivatives such as 'xli' contain a buffer overflow vulnerability in the handling of the 'Faces Project' image type // // It is possible for remote attackers to create a ...

CWE-119 http://www.securityfocus.com/archive/1/195823 http://www.securityfocus.com/bid/3006 http://www.gentoo.org/security/en/glsa/glsa-200503-05.xml http://www.novell.com/linux/security/advisories/2001_024_xli_txt.html http://www.redhat.com/support/errata/RHSA-2001-088.html http://www.iss.net/security_center/static/6821.php http://www.debian.org/security/2005/dsa-695 http://www.debian.org/security/2001/dsa-069 https://nvd.nist.gov https://www.debian.org/security/./dsa-069 https://www.exploit-db.com/exploits/20998/

CVE-2001-0775

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect