CVE-2005-3279

Name of the Vulnerable Software and Affected Versions Jan Kybic BitMap Viewer (BMV) version 1.2

Description The issue is a stack-based buffer overflow in the vgasco printf function. This occurs when the software is compiled with the M UNIX flag and running setuid, allowing local users to gain privileges. The overflow can be triggered by a long filename in the -b command line option.

Recommendations For Jan Kybic BitMap Viewer (BMV) version 1.2, consider restricting the use of the -b command line option or avoiding the use of long filenames with this option until a fix is available. As a temporary workaround, do not run the software setuid when compiled with the M UNIX flag.