Launchpad.net

CVE 2006-5864

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

Related bugs and status

CVE-2006-5864 (Candidate) is related to these bugs:

Bug #128319: Merge gv 3.6.3 (universe) from Debian (unstable)

Summary				In	Importance	Status
	128319	Merge gv 3.6.3 (universe) from Debian (unstable)		gv (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 20978
SECUNIA: 22787
DEBIAN: DSA-1214
SUSE: SUSE-SR:2006:026
SECUNIA: 23006
SECUNIA: 23018
GENTOO: GLSA-200611-20
SECUNIA: 23118
CERT-VN: VU#352825
SECUNIA: 23111
UBUNTU: USN-390-1
SECUNIA: 23183
UBUNTU: USN-390-2
UBUNTU: USN-390-3
SECUNIA: 23266
CONFIRM: https://issues.rpath.c...
SUSE: SUSE-SR:2006:028
SECUNIA: 23306
SECUNIA: 23353
SECUNIA: 23335
SUSE: SUSE-SR:2006:029
SECUNIA: 23409
DEBIAN: DSA-1243
SECUNIA: 23579
SECUNIA: 22932
GENTOO: GLSA-200703-24
GENTOO: GLSA-200704-06
SECUNIA: 24787
SECUNIA: 24649
MANDRIVA: MDKSA-2006:214
MANDRIVA: MDKSA-2006:229
VUPEN: ADV-2006-4424
VUPEN: ADV-2006-4747
XF: gnu-gv-buffer-overflow...
XF: evince-postscript-bo(3...
EXPLOIT-DB: 2858
BUGTRAQ: 20061109 GNU gv Stack ...
BUGTRAQ: 20061112 Re: GNU gv St...
BUGTRAQ: 20061128 evince buffer...