SecuritySpace - CVE-2006-5864

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

CVE ID:	CVE-2006-5864
Description:	Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
Test IDs:	1.3.6.1.4.1.25623.1.0.57646 1.3.6.1.4.1.25623.1.0.58162 1.3.6.1.4.1.25623.1.0.57933 1.3.6.1.4.1.25623.1.0.59421 1.3.6.1.4.1.25623.1.0.59422 1.3.6.1.4.1.25623.1.0.59077 1.3.6.1.4.1.25623.1.0.59072 1.3.6.1.4.1.25623.1.0.57718 1.3.6.1.4.1.25623.1.0.57752 1.3.6.1.4.1.25623.1.0.57751 1.3.6.1.4.1.25623.1.0.58193 1.3.6.1.4.1.25623.1.0.57731 1.3.6.1.4.1.25623.1.0.59075 1.3.6.1.4.1.25623.1.0.57669 1.3.6.1.4.1.25623.1.0.57587
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5864 Bugtraq: 20061109 GNU gv Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/451057/100/0/threaded Bugtraq: 20061112 Re: GNU gv Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/451422/100/200/threaded Bugtraq: 20061128 evince buffer overflow exploit (gv) (Google Search) http://www.securityfocus.com/archive/1/archive/1/452868/100/0/threaded http://milw0rm.com/exploits/2858 Debian Security Information: DSA-1214 (Google Search) http://www.debian.org/security/2006/dsa-1214 Debian Security Information: DSA-1243 (Google Search) http://www.debian.org/security/2006/dsa-1243 http://security.gentoo.org/glsa/glsa-200611-20.xml http://security.gentoo.org/glsa/glsa-200703-24.xml http://security.gentoo.org/glsa/glsa-200704-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:214 http://www.mandriva.com/security/advisories?name=MDKSA-2006:229 SuSE Security Announcement: SUSE-SR:2006:026 (Google Search) http://www.novell.com/linux/security/advisories/2006_26_sr.html SuSE Security Announcement: SUSE-SR:2006:028 (Google Search) http://www.novell.com/linux/security/advisories/2006_28_sr.html SuSE Security Announcement: SUSE-SR:2006:029 (Google Search) http://www.novell.com/linux/security/advisories/2006_29_sr.html http://www.ubuntu.com/usn/usn-390-1 http://www.ubuntu.com/usn/usn-390-2 http://www.ubuntu.com/usn/usn-390-3 CERT/CC vulnerability note: VU#352825 http://www.kb.cert.org/vuls/id/352825 BugTraq ID: 20978 http://www.securityfocus.com/bid/20978 http://www.vupen.com/english/advisories/2006/4424 http://www.vupen.com/english/advisories/2006/4747 http://secunia.com/advisories/22787 http://secunia.com/advisories/23006 http://secunia.com/advisories/23018 http://secunia.com/advisories/23118 http://secunia.com/advisories/23111 http://secunia.com/advisories/23183 http://secunia.com/advisories/23266 http://secunia.com/advisories/23306 http://secunia.com/advisories/23353 http://secunia.com/advisories/23335 http://secunia.com/advisories/23409 http://secunia.com/advisories/23579 http://secunia.com/advisories/22932 http://secunia.com/advisories/24787 http://secunia.com/advisories/24649 XForce ISS Database: gnu-gv-buffer-overflow(30153) http://xforce.iss.net/xforce/xfdb/30153 XForce ISS Database: evince-postscript-bo(30555) http://xforce.iss.net/xforce/xfdb/30555