FreeBSD Ports: zgv

The remote host is missing an update to the system as announced in the referenced advisory.

The following packages are affected: zgv xzgv CVE-2004-0994 Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.

Update your system with the appropriate patches or software upgrades. http://rus.members.beeb.net/xzgv.html http://www.svgalib.org/rus/zgv/ http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=false http://marc.theaimsgroup.com/?l=bugtraq&m=109886210702781 http://marc.theaimsgroup.com/?l=bugtraq&m=109898111915661 http://www.vuxml.org/freebsd/249a8c42-6973-11d9-ae49-000c41e2cdad.html