Vulnerabilities > CVE-2005-0665 - Unspecified vulnerability in John Bradley XV 3.10A
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200503-09.NASL description The remote host is affected by the vulnerability described in GLSA-200503-09 (xv: Filename handling vulnerability) Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact : Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 17275 published 2005-03-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17275 title GLSA-200503-09 : xv: Filename handling vulnerability NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A4BD30399A4811D9A2560001020EED82.NASL description A Gentoo Linux Security Advisory reports : Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 19060 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19060 title FreeBSD : xv -- filename handling format string vulnerability (a4bd3039-9a48-11d9-a256-0001020eed82)