CVE - CVE-2006-5864

CVE-ID
CVE-2006-5864	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20061109 GNU gv Stack Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/451057/100/0/threaded BUGTRAQ:20061112 Re: GNU gv Stack Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/451422/100/200/threaded BUGTRAQ:20061128 evince buffer overflow exploit (gv) URL:http://www.securityfocus.com/archive/1/452868/100/0/threaded EXPLOIT-DB:2858 URL:https://www.exploit-db.com/exploits/2858 CONFIRM:https://issues.rpath.com/browse/RPL-850 DEBIAN:DSA-1214 URL:http://www.debian.org/security/2006/dsa-1214 DEBIAN:DSA-1243 URL:http://www.debian.org/security/2006/dsa-1243 GENTOO:GLSA-200611-20 URL:http://security.gentoo.org/glsa/glsa-200611-20.xml GENTOO:GLSA-200703-24 URL:http://security.gentoo.org/glsa/glsa-200703-24.xml GENTOO:GLSA-200704-06 URL:http://security.gentoo.org/glsa/glsa-200704-06.xml MANDRIVA:MDKSA-2006:214 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:214 MANDRIVA:MDKSA-2006:229 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:229 SUSE:SUSE-SR:2006:026 URL:http://www.novell.com/linux/security/advisories/2006_26_sr.html SUSE:SUSE-SR:2006:028 URL:http://www.novell.com/linux/security/advisories/2006_28_sr.html SUSE:SUSE-SR:2006:029 URL:http://www.novell.com/linux/security/advisories/2006_29_sr.html UBUNTU:USN-390-1 URL:http://www.ubuntu.com/usn/usn-390-1 UBUNTU:USN-390-2 URL:http://www.ubuntu.com/usn/usn-390-2 UBUNTU:USN-390-3 URL:http://www.ubuntu.com/usn/usn-390-3 CERT-VN:VU#352825 URL:http://www.kb.cert.org/vuls/id/352825 BID:20978 URL:http://www.securityfocus.com/bid/20978 VUPEN:ADV-2006-4424 URL:http://www.vupen.com/english/advisories/2006/4424 VUPEN:ADV-2006-4747 URL:http://www.vupen.com/english/advisories/2006/4747 SECUNIA:22787 URL:http://secunia.com/advisories/22787 SECUNIA:23006 URL:http://secunia.com/advisories/23006 SECUNIA:23018 URL:http://secunia.com/advisories/23018 SECUNIA:23118 URL:http://secunia.com/advisories/23118 SECUNIA:23111 URL:http://secunia.com/advisories/23111 SECUNIA:23183 URL:http://secunia.com/advisories/23183 SECUNIA:23266 URL:http://secunia.com/advisories/23266 SECUNIA:23306 URL:http://secunia.com/advisories/23306 SECUNIA:23353 URL:http://secunia.com/advisories/23353 SECUNIA:23335 URL:http://secunia.com/advisories/23335 SECUNIA:23409 URL:http://secunia.com/advisories/23409 SECUNIA:23579 URL:http://secunia.com/advisories/23579 SECUNIA:22932 URL:http://secunia.com/advisories/22932 SECUNIA:24787 URL:http://secunia.com/advisories/24787 SECUNIA:24649 URL:http://secunia.com/advisories/24649 XF:gnu-gv-buffer-overflow(30153) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/30153 XF:evince-postscript-bo(30555) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/30555
Assigning CNA
N/A
Date Entry Created
20061110	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061110)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org