CVE-2006-5864

Description

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

Affected products

• gnu / gv3.5.8 – 3.5.8
• gnu / gv3.6.0 – 3.6.0
• gnu / gv3.6.1 – 3.6.1
• gnu / gv3.6.2 – 3.6.2

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/30153
• VENDOR_ADVISORYhttp://www.debian.org/security/2006/dsa-1214
• VENDOR_ADVISORYhttp://secunia.com/advisories/23018
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/4424
• VENDOR_ADVISORYhttp://secunia.com/advisories/22932
• EXPLOIThttps://www.exploit-db.com/exploits/2858
• VENDOR_ADVISORYhttp://secunia.com/advisories/23353
• VENDOR_ADVISORYhttp://secunia.com/advisories/23306
• VENDOR_ADVISORYhttp://secunia.com/advisories/23266
• VENDOR_ADVISORYhttp://secunia.com/advisories/23579
• VENDOR_ADVISORYhttp://secunia.com/advisories/24787
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2006_26_sr.html
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2006_28_sr.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/23409
• MISChttp://security.gentoo.org/glsa/glsa-200704-06.xml
• MISChttp://security.gentoo.org/glsa/glsa-200703-24.xml
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-390-2
• VENDOR_ADVISORYhttp://secunia.com/advisories/23335
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/4747
• MISChttp://www.kb.cert.org/vuls/id/352825
• MISChttp://www.securityfocus.com/archive/1/451057/100/0/threaded
• VENDOR_ADVISORYhttp://secunia.com/advisories/23111
• VENDOR_ADVISORYhttp://secunia.com/advisories/23183
• VENDOR_ADVISORYhttp://www.debian.org/security/2006/dsa-1243
• MISChttp://www.securityfocus.com/bid/20978
• MISChttp://security.gentoo.org/glsa/glsa-200611-20.xml
• MISChttp://www.securityfocus.com/archive/1/451422/100/200/threaded
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:214
• VENDOR_ADVISORYhttp://secunia.com/advisories/23006
• VENDOR_ADVISORYhttp://secunia.com/advisories/22787
• MISChttps://issues.rpath.com/browse/RPL-850
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/30555
• VENDOR_ADVISORYhttp://secunia.com/advisories/23118
• VENDOR_ADVISORYhttp://secunia.com/advisories/24649
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2006_29_sr.html
• MISChttp://www.securityfocus.com/archive/1/452868/100/0/threaded
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:229
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-390-3
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-390-1