PT-2005-4090 · Jan Kybic · Jan Kybic Bitmap Viewer

Published

2005-10-23

Updated

2008-09-05

CVE-2005-3279

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Jan Kybic BitMap Viewer (BMV) version 1.2

Description The issue is a stack-based buffer overflow in the vgasco printf function. This occurs when the software is compiled with the M UNIX flag and running setuid, allowing local users to gain privileges. The overflow can be triggered by a long filename in the -b command line option.

Recommendations For Jan Kybic BitMap Viewer (BMV) version 1.2, consider restricting the use of the -b command line option or avoiding the use of long filenames with this option until a fix is available. As a temporary workaround, do not run the software setuid when compiled with the M UNIX flag.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3279

Affected Products

Jan Kybic Bitmap Viewer

PT-2005-4090 · Jan Kybic · Jan Kybic Bitmap Viewer

CVE-2005-3279

Related Identifiers

Affected Products

References · 2