A vulnerability in the default image viewer for one of the two major Linux desktop systems could allow an attacker to execute code on a computer running the GNOME software, security group Core Security Technologies said in an advisory on Friday. The primary danger appears to be that some mail readers use the software, called Eye of GNOME, to display images within e-mails, opening the possibility that a virus could be spread using the flaw.
The threat is reduced by several factors, stated the security group. Many Linux users run the other major desktop software, KDE, and may not have the GNOME libraries nor the Eye of GNOME application installed. Moreover, many mail readers do not pass images to EoG automatically. Finally, any program started by EoG will only run with the privileges of the user, so the system shouldn't be harmed. The patched version of the software can be downloaded from the GNOME Project site.