zgv is a console image viewer based on svgalib.
Multiple arithmetic overflows have been detected in the image processing code of zgv.
An attacker could entice a user to open a specially-crafted image file, potentially resulting in execution of arbitrary code with the rights of the user running zgv.
There is no known workaround at this time.
All zgv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.8"