CVE-2006-5864

Currently unrated

Key Information:

Vendor: Gnu
Status: Gv
Vendor: CVE Published:; 11 November 2006

Summary

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30153

vdb-entryx_refsource_XF

http://www.debian.org/security/2006/dsa-1214

vendor-advisoryx_refsource_DEBIAN

http://secunia.com/advisories/23018

third-party-advisoryx_refsource_SECUNIA

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 11, 2006
Vulnerability Reserved
Nov 10, 2006