[Scribus] Warning: Buffer overflow vulnerability not only in Adobe Reader, also zlib
Andreas Vox
vox
Fri Jul 8 00:36:03 CEST 2005
Hi!
While we are at it, the Gentoo team reported a similar error in zlib:
http://www.gentoo.org/security/en/glsa/glsa-200507-05.xml
This is far worse because zlib is jused in many places and might be
compiled statically into other programs or libraries, making them also
vulnerable.
Zlib is used for example for the PNG and TIFF file formats, and Scribus
(de)compresses .sla.gz files with it.
If any exploits for this vulnerabilty show up, Internet will become
*very* insecure. Anyone should do the respective security updates for
zlib, web browsers and image programs as soon as they become available;
and be extremely careful in the meantime.
/Andreas
More information about the scribus
mailing list