PT-2006-7549 · Xzgv+1
Andrea Barisani · Published 1970-01-01 · Updated 2024-06-15
CVE-2006-1060
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
zgv versions before 5.8
xzgv versions before 0.8
Description
The zgv and xzgv packages are affected by multiple vulnerabilities that can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, a heap-based buffer overflow in zgv and xzgv might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as one in the CMYK or YCCK color space.
Recommendations
For zgv versions before 5.8, update to version 5.8 or later to resolve the issue.
For xzgv versions before 0.8, update to version 0.8 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of JPEG images with more than 3 output components, such as CMYK or YCCK color spaces, until a patch is available.
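To apply the workaround, the component count of a JPEG has to be known before the file reaches the viewer. The following Python script is an added example, not code from the advisory or from zgv/xzgv: it reads the component count from the first frame header and flags files with more than 3. The function names and sample files are constructed here, and it assumes the frame-header count stands in for the decoder's output components.

```python
import struct

# SOF0..SOF15 minus DHT (0xC4), JPG (0xC8), DAC (0xCC), which sit in the same range
SOF_MARKERS = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}
STANDALONE = {0x01} | set(range(0xD0, 0xD8))  # TEM, RST0..RST7 carry no length

def jpeg_component_count(data: bytes):
    """Return Nf from the first frame header, or None if the header walk fails."""
    if data[:2] != b"\xff\xd8":               # must start with SOI
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:                 # lost marker sync: malformed
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker in STANDALONE:
            continue
        if marker in (0xD9, 0xDA) or pos + 2 > len(data):
            return None                       # EOI/SOS before any frame header
        (seg_len,) = struct.unpack(">H", data[pos:pos + 2])
        if seg_len < 2 or pos + seg_len > len(data):
            return None                       # truncated or bogus segment length
        if marker in SOF_MARKERS:             # length(2) precision(1) h(2) w(2) Nf(1)
            return data[pos + 7] if seg_len >= 8 else None
        pos += seg_len
    return None

def should_hold(data: bytes) -> bool:
    """True for JPEGs declaring more than 3 components or failing to parse."""
    if data[:2] != b"\xff\xd8":
        return False                          # not a JPEG: check does not apply
    n = jpeg_component_count(data)
    return n is None or n > 3                 # fail closed on malformed JPEGs

def make_sample(ncomp: int) -> bytes:
    """Constructed header-only JPEG: SOI, APP0 stub, SOF0 with ncomp components."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    comps = b"".join(bytes([i + 1, 0x11, 0]) for i in range(ncomp))
    sof = struct.pack(">BHHB", 8, 16, 16, ncomp) + comps
    return b"\xff\xd8" + app0 + b"\xff\xc0" + struct.pack(">H", len(sof) + 2) + sof

if __name__ == "__main__":
    for n in (1, 3, 4):
        print(n, "components -> hold:", should_hold(make_sample(n)))
```

Only the first frame header is inspected, so this is a screening step for the workaround and not a substitute for the updated versions.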
Fix
Buffer Overflow
Affected Products
Xzgv
Zgv