CVE-2006-1060

Name	CVE-2006-1060
Description	Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1037-1, DSA-1038-1
Debian Bugs	362288

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
xzgv (PTS)	sid, trixie, bookworm, bullseye	0.9.2-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
xzgv	source	woody	0.7-6woody3		DSA-1038-1
xzgv	source	sarge	0.8-3sarge1		DSA-1038-1
xzgv	source	(unstable)	0.8-5.1	medium		362288
zgv	source	woody	5.5-3woody3		DSA-1037-1
zgv	source	sarge	5.7-1.4		DSA-1037-1
zgv	source	(unstable)	5.9-2