exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2006-5864

Status Candidate

Overview

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

Related Files

Gentoo Linux Security Advisory 200704-6
Posted Apr 8, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200704-06 - Evince includes code from GNU gv that does not properly boundary check user-supplied data before copying it into process buffers. Versions less than 0.6.1-r3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2006-5864
SHA-256 | 5cd09ec712e583e6a89ee7bf8d00ef98a0c093a99dc5ff09cd572db1b7bfa7e3
Gentoo Linux Security Advisory 200703-24
Posted Mar 27, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200703-24 - mgv includes code from gv that does not properly boundary check user-supplied data before copying it into process buffers. Versions less than or equal to 3.1.5 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2006-5864
SHA-256 | 6272a4d60ff8b787632640ce2e5805790eeb6dff23dbc79cac813e3ad511d60c
Debian Linux Security Advisory 1243-1
Posted Dec 28, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1243-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow. Evince embeds a copy of gv and needs an update as well.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2006-5864
SHA-256 | 59b309a2e743b9753ae0975f2805f781a77e3e1cec2b5e23bf2c11ef5d354603
Debian Linux Security Advisory 1214-2
Posted Dec 28, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1214-2 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow. The original update provided in DSA 1214-1 was insufficient; this update corrects this.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2006-5864
SHA-256 | 3ad038b7a8d216760848cb055cab23532027492d9af8f4c892e01003eb30cb69
Ubuntu Security Notice 390-3
Posted Dec 7, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 390-3 - USN-390-2 fixed vulnerabilities in evince. This update provides the corresponding update for evince-gtk. A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-5864
SHA-256 | fb8e4b4eee4cbcdbfb0508079c28a845933456d3052b7044a5f1247a74785cfb
Ubuntu Security Notice 390-2
Posted Dec 7, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 390-2 - USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations. A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-5864
SHA-256 | c8982417d61f56f03ea5a7fcb43e8d05307c889dc83a018acb5f177d4d40a750
Mandriva Linux Security Advisory 2006.214
Posted Dec 6, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-5864
SHA-256 | b0a8590ea11ba4afad9185f0a981496234a1d44af2df33534e836aa6a73fd319
Ubuntu Security Notice 390-1
Posted Dec 6, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 390-1 - A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-5864
SHA-256 | 4ff27831c73ace4a7dd7186a492469ef44e83021bd2cc275e38f7c5f69ece81e
Debian Linux Security Advisory 1214-1
Posted Nov 21, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1214-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2006-5864
SHA-256 | 16b6e3210d3ac75c90cf81ad1784813c76b78f9acdefad2ef7e69b79cd134bd1
Mandriva Linux Security Advisory 2006.214
Posted Nov 19, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-214 - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-5864
SHA-256 | 06e80cb29efde91a8d7185f5306406d55dac86ef801844102583064f2eb57e71
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close