ID CVE-2005-3178
Summary Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.
References
Vulnerable Configurations
  • cpe:2.3:a:xli:xli
    cpe:2.3:a:xli:xli
  • cpe:2.3:a:xloadimage:xloadimage:4.1
    cpe:2.3:a:xloadimage:xloadimage:4.1
CVSS
Base: 5.1 (as of 07-10-2005 - 15:03)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200510-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-200510-26 (XLI, Xloadimage: Buffer overflow) When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and 'rotate' functions use a fixed length buffer to contain the new title, which could be overwritten by the NIFF or XPM image processors. Impact : A malicious user could craft a malicious XPM or NIFF file and entice a user to view it using XLI, or manipulate it using Xloadimage, potentially resulting in the execution of arbitrary code with the permissions of the user running XLI or Xloadimage. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 21275
    published 2006-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21275
    title GLSA-200510-26 : XLI, Xloadimage: Buffer overflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-192.NASL
    description Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code. The updated packages have been patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20434
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20434
    title Mandrake Linux Security Advisory : xli (MDKSA-2005:192)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-858.NASL
    description Ariel Berkman discovered several buffer overflows in xloadimage, a graphics file viewer for X11, that can be exploited via large image titles and cause the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19966
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19966
    title Debian DSA-858-1 : xloadimage - buffer overflows
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2F0CB4BB416D11DA99FE000854D03344.NASL
    description Ariel Berkman reports : Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. At that point, it will also copy the title from the old image to the newly created image. The 'zoom', 'reduce', and 'rotate' functions are using a fixed length buffer to construct the new title name when an image processing is done. Since the title name in a NIFF format is of varying length, and there are insufficient buffer size validations, the buffer can be overflowed.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 21409
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21409
    title FreeBSD : xloadimage -- buffer overflows in NIFF image title handling (2f0cb4bb-416d-11da-99fe-000854d03344)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-802.NASL
    description A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in file names is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The xloadimage utility displays images in an X Window System window, loads images into the root window, or writes images into a file. Xloadimage supports many image types (including GIF, TIFF, JPEG, XPM, and XBM). A flaw was discovered in xloadimage via which an attacker can construct a NIFF image with a very long embedded image title. This image can cause a buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-3178 to this issue. All users of xloadimage should upgrade to this erratum package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20060
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20060
    title RHEL 2.1 / 3 / 4 : xloadimage (RHSA-2005:802)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-859.NASL
    description Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19967
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19967
    title Debian DSA-859-1 : xli - buffer overflows
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-802.NASL
    description A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in file names is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The xloadimage utility displays images in an X Window System window, loads images into the root window, or writes images into a file. Xloadimage supports many image types (including GIF, TIFF, JPEG, XPM, and XBM). A flaw was discovered in xloadimage via which an attacker can construct a NIFF image with a very long embedded image title. This image can cause a buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-3178 to this issue. All users of xloadimage should upgrade to this erratum package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21862
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21862
    title CentOS 3 / 4 : xloadimage (CESA-2005:802)
oval via4
accepted 2013-04-29T04:06:55.287-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.
family unix
id oval:org.mitre.oval:def:10590
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.
version 22
redhat via4
advisories
rhsa
id RHSA-2005:802
refmap via4
bid 15051
bugtraq 20051005 xloadimage buffer overflow.
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-013.htm
debian
  • DSA-858
  • DSA-859
fedora FLSA-2006:152923
gentoo GLSA-200510-26
mandriva MDKSA-2005:192
sco
  • SCOSA-2005.56
  • SCOSA-2005.62
sectrack 1015072
secunia
  • 17087
  • 17124
  • 17139
  • 17140
  • 17143
  • 17206
  • 17273
  • 17282
  • 17369
  • 18050
  • 18170
  • 18491
suse SUSE-SR:2005:024
Last major update 17-10-2016 - 23:33
Published 07-10-2005 - 14:02
Last modified 19-10-2018 - 11:34
Back to Top