FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-5864

This CVE name corresponds to:

Entered: 2006-12-14
Topic: evince -- Buffer Overflow Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-5864
Phase: Assigned (20061110)

Description

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

References

Source Reference
BUGTRAQ 20061109 GNU gv Stack Overflow Vulnerability
BUGTRAQ 20061112 Re: GNU gv Stack Overflow Vulnerability
BUGTRAQ 20061128 evince buffer overflow exploit (gv)
MILW0RM 2858
CONFIRM https://issues.rpath.com/browse/RPL-850
DEBIAN DSA-1214
DEBIAN DSA-1243
GENTOO GLSA-200611-20
GENTOO GLSA-200703-24
GENTOO GLSA-200704-06
MANDRIVA MDKSA-2006:214
MANDRIVA MDKSA-2006:229
SUSE SUSE-SR:2006:026
SUSE SUSE-SR:2006:028
SUSE SUSE-SR:2006:029
UBUNTU USN-390-1
UBUNTU USN-390-2
UBUNTU USN-390-3
CERT-VN VU#352825
BID 20978
VUPEN ADV-2006-4424
VUPEN ADV-2006-4747
SECUNIA 22787
SECUNIA 23006
SECUNIA 23018
SECUNIA 23118
SECUNIA 23111
SECUNIA 23183
SECUNIA 23266
SECUNIA 23306
SECUNIA 23353
SECUNIA 23335
SECUNIA 23409
SECUNIA 23579
SECUNIA 22932
SECUNIA 24787
SECUNIA 24649
XF gnu-gv-buffer-overflow(30153)
XF evince-postscript-bo(30555)