i found this vuln on secunia, looks like xnview has an unfixed buffer overflow in the xpm file handling function.
There are a few exploits around, and the only workaround 'yet' is to not open xpm files you dont trust.
maintainers - please provide a fix
Latest for Linux is 1.70 (http://perso.orange.fr/pierre.g/xnview/endownloadlinux.html), the advisory doesn't state if it's affected. It's a binary package, so we can't just patch it. If it's confirmed in 1.70 for linux-x86 and/or 1.50 for linux-ppc I'm for masking this as this is a second security bug in it (the first one is http://www.gentoo.org/security/en/glsa/glsa-200512-18.xml).
just mailed upstream to get some infos on this.
Any news from upstream?
Any news with this one?
According to Secunia there is still no fix available.
I'm for p.mask and removal in 14 days.
upstream should release 1.70.2 which fixes this, but I don't know when. I tried to send another e-mail few days ago and I'm waiting for an answer. btw I agree for p.mask until there's a fix available.
+# Krzysiek Pawlik <email@example.com> (01 Jul 2007)
+# Masked for security bug #175670.
+# Waiting for upstream to provide a fixed version.
+# If the fix won't be available the package will be removed.
some news: http://secunia.com/advisories/28326/
Dercorny, do you know iif the XPM issue is fixed in version 1.92?
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to
execute arbitrary code via a long filename argument on the command line.
NOTE: it is unclear whether there are common handler configurations in which
this argument is controlled by an attacker.
Already masked, and maskglsa'd. The Linux build has not been updated since 2006.
Can we remove this?
Not in tree anymore. If upstream doesn't care about updating their binary blob for security, but does updates for Windows version.. we should we care?
Gone. Gone. Gone.
Closing since this got maskglsa 200707-06.