Rapid7 Vulnerability & Exploit Database

RHSA-2003:128: Updated Eye of GNOME packages fix vulnerability

Back to Search

RHSA-2003:128: Updated Eye of GNOME packages fix vulnerability

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
04/02/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated eog packages that fix a security vulnerability are now available.

Eye of GNOME (EOG) is a component for the GNOME desktop used by various Red Hat Linux packages for displaying images. A vulnerability was found in EOG version 2.2.0 and earlier. A carefully crafted filename passed to the program could lead to the execution of arbitrary code. An attacker could exploit this because various packages (Mutt, for example) make use of EOG for image viewing. All users are advised to upgrade to these erratum packages which contain a backported patch correcting this issue.

Solution(s)

  • redhat-upgrade-eog

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;