5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.923 High
EPSS
Percentile
98.9%
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv
3.6.2, and possibly earlier versions, allows user-assisted attackers to
execute arbitrary code via a PostScript (PS) file with certain headers that
contain long comments, as demonstrated using the (1) DocumentMedia, (2)
DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers.
NOTE: this issue can be exploited through other products that use gv such
as evince.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | evince | < 0.5.2-0ubuntu3.2 | UNKNOWN |
ubuntu | 6.10 | noarch | evince | < 0.6.1-0ubuntu1.2 | UNKNOWN |
ubuntu | 7.04 | noarch | evince | < 0.8.1-0ubuntu1 | UNKNOWN |
ubuntu | 6.06 | noarch | evince-gtk | < 0.5.2-0ubuntu2.1 | UNKNOWN |
ubuntu | 6.10 | noarch | evince-gtk | < 0.5.2-0ubuntu4.1 | UNKNOWN |
ubuntu | 7.04 | noarch | evince-gtk | < 0.5.2-0ubuntu7 | UNKNOWN |
ubuntu | 6.06 | noarch | gv | < 3.6.1-12ubuntu0.2 | UNKNOWN |
ubuntu | 6.10 | noarch | gv | < 3.6.1-13ubuntu0.2 | UNKNOWN |
ubuntu | 7.04 | noarch | gv | < 3.6.2-3ubuntu1 | UNKNOWN |