This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201503-07">
<title>hivex: User-assisted execution of arbitrary code</title>
<synopsis>An out-of-bounds error in hivex may result in execution of
arbitrary code or Denial of Service.
</synopsis>
<producttype="ebuild">hivex</product>
<announced>2015-03-14</announced>
<revisedcount="1">2015-03-14</revised>
<bug>490990</bug>
<access>local, remote</access>
<affected>
<packagename="app-misc/hivex"auto="yes"arch="*">
<unaffectedrange="ge">1.3.11</unaffected>
<vulnerablerange="lt">1.3.11</vulnerable>
</package>
</affected>
<background>
<p>hivex is a library for reading and writing Windows Registry ‘hive’
binary files.
</p>
</background>
<description>
<p>Manipulating a short or truncated hive file may trigger an out-of-bounds
read or write in hivex.
</p>
</description>
<impacttype="normal">
<p>A context-dependent attacker could cause an application linked against
hivex to pass a short or truncated hive file, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All hivex users should upgrade to the latest version:</p>
