Debian Security Advisory DSA 608-1 (zgv)

The remote host is missing an update to zgv announced via advisory DSA 608-1.

Several vulnerabilities have been discovered in zgv, an SVGAlib graphics viewer for the i386 architecture. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2004-1095 Luke Macken and infamous41md independently discoverd multiple integer overflows in zgv. Remote exploitation of an integer overflow vulnerability could allow the execution of arbitrary code. CVE-2004-0999 Mikulas Patocka discovered that malicious multiple-image (e.g. animated) GIF images can cause a segmentation fault in zgv. For the stable distribution (woody) these problems have been fixed in version 5.5-3woody1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your zgv package immediately.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20608-1