5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.923 High
EPSS
Percentile
98.9%
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | evince | < 0.4.0-3 | evince_0.4.0-3_all.deb |
Debian | 11 | all | evince | < 0.4.0-3 | evince_0.4.0-3_all.deb |
Debian | 10 | all | evince | < 0.4.0-3 | evince_0.4.0-3_all.deb |
Debian | 999 | all | evince | < 0.4.0-3 | evince_0.4.0-3_all.deb |
Debian | 13 | all | evince | < 0.4.0-3 | evince_0.4.0-3_all.deb |
Debian | 12 | all | gv | < 1:3.6.2-3 | gv_1:3.6.2-3_all.deb |
Debian | 11 | all | gv | < 1:3.6.2-3 | gv_1:3.6.2-3_all.deb |
Debian | 10 | all | gv | < 1:3.6.2-3 | gv_1:3.6.2-3_all.deb |
Debian | 999 | all | gv | < 1:3.6.2-3 | gv_1:3.6.2-3_all.deb |
Debian | 13 | all | gv | < 1:3.6.2-3 | gv_1:3.6.2-3_all.deb |