CVE-2006-1060
xzgv < 0.8 - Heap-Based Buffer Overflow via JPEG Image with Excessive Output Components
Title source: llmDescription
Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required.
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17409
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19572
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19779
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19790
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1288
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19757
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_08_sr.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25718
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1037
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19731
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/756
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19571
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1038
Scores
EPSS
0.0407
EPSS Percentile
89.5%
Details
CWE
CWE-119
Status
published
Products (1)
xzgv/xzgv
< 0.8
Published
Apr 11, 2006
Tracked Since
Feb 18, 2026