Eye of Gnome contains a format string vulnerability that may allow remote attackers to execute arbitrary code with the privileges of the user running the application, typically an unprivileged system user.
Eye of Gnome (EOG) is an image viewing application that is part of the GNOME desktop suite. Researchers from Core Security Technologies have discovered a format string vulnerability in the command line parser of this product. The vulnerability exists in a section of the command line parser that processes file names.
This vulnerability may allow remote attackers to execute arbitrary code with the privileges of the user running EOG, typically an unprivileged system user.
Apply a patch
The vendor section of this document lists vendors and their responses to this vulnerability.
The CERT/CC thanks Core Security Technologies for discovering this vulnerability and working with the vendor to address it.
This document was written by Jeffrey P. Lanza.
|Date First Published:||2003-04-04|
|Date Last Updated:||2003-04-17 23:14 UTC|