| Vulnerability Name: | CVE-2005-3178 (CCN-22537) | ||||||||||||||||||||||||
| Assigned: | 2005-10-05 | ||||||||||||||||||||||||
| Published: | 2005-10-05 | ||||||||||||||||||||||||
| Updated: | 2018-10-19 | ||||||||||||||||||||||||
| Summary: | Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) 3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: SCO Type: UNKNOWN SCOSA-2005.62 Source: SCO Type: UNKNOWN SCOSA-2005.56 Source: CCN Type: BugTraq Mailing List, Wed Oct 05 2005 - 16:27:57 CDT xloadimage buffer overflow. Source: MITRE Type: CNA CVE-2005-3178 Source: BUGTRAQ Type: UNKNOWN 20051005 xloadimage buffer overflow. Source: CCN Type: RHSA-2005-802 xloadimage security update Source: CCN Type: SA17087 Xloadimage NIFF Image Title Handling Buffer Overflow Source: SECUNIA Type: Vendor Advisory 17087 Source: CCN Type: SA17124 xli NIFF Image Title Handling Buffer Overflow Source: SECUNIA Type: UNKNOWN 17124 Source: SECUNIA Type: UNKNOWN 17139 Source: SECUNIA Type: UNKNOWN 17140 Source: SECUNIA Type: UNKNOWN 17143 Source: SECUNIA Type: UNKNOWN 17206 Source: SECUNIA Type: UNKNOWN 17273 Source: SECUNIA Type: UNKNOWN 17282 Source: SECUNIA Type: UNKNOWN 17369 Source: SECUNIA Type: UNKNOWN 18050 Source: SECUNIA Type: UNKNOWN 18170 Source: CCN Type: SA18491 Avaya Products xloadimage NIFF Image Handling Buffer Overflow Source: SECUNIA Type: UNKNOWN 18491 Source: CCN Type: SECTRACK ID: 1015072 Xloadimage Buffer Overflows in Processing NIFF Format Files Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015072 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-013.htm Source: CCN Type: ASA-2006-013 xloadimage security update (RHSA-2005-802) Source: CCN Type: ASA-2006-036 Xloadimage NIFF Image and LibXPM Vulnerabilities (SCOSA-2005.56 SCOSA-2005.57) Source: DEBIAN Type: Patch, Vendor Advisory DSA-858 Source: DEBIAN Type: Patch, Vendor Advisory DSA-859 Source: DEBIAN Type: DSA-858 xloadimage -- buffer overflows Source: DEBIAN Type: DSA-859 xli -- buffer overflows Source: CCN Type: xloadimage Web page What is Xloadimage? Source: CCN Type: GLSA-200510-26 XLI, Xloadimage: Buffer overflow Source: GENTOO Type: UNKNOWN GLSA-200510-26 Source: MANDRIVA Type: UNKNOWN MDKSA-2005:192 Source: SUSE Type: UNKNOWN SUSE-SR:2005:024 Source: REDHAT Type: UNKNOWN RHSA-2005:802 Source: FEDORA Type: UNKNOWN FLSA-2006:152923 Source: BID Type: UNKNOWN 15051 Source: CCN Type: BID-15051 XLoadImage Multiple Remote Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN xloadimage-niff-image-bo(22537) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10590 Source: SUSE Type: SUSE-SR:2005:024 SUSE Security Summary Report | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||