CVE-2006-5864

Publication date 11 November 2006

Last updated 24 July 2024


Ubuntu priority

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

Status

Package Ubuntu Release Status
evince 7.04 feisty
Fixed 0.8.1-0ubuntu1
6.10 edgy
Fixed 0.6.1-0ubuntu1.2
6.06 LTS dapper
Fixed 0.5.2-0ubuntu3.2
evince-gtk 7.04 feisty
Fixed 0.5.2-0ubuntu7
6.10 edgy
Fixed 0.5.2-0ubuntu4.1
6.06 LTS dapper
Fixed 0.5.2-0ubuntu2.1
gv 7.04 feisty
Fixed 3.6.2-3ubuntu1
6.10 edgy
Fixed 3.6.1-13ubuntu0.2
6.06 LTS dapper
Fixed 3.6.1-12ubuntu0.2

References

Related Ubuntu Security Notices (USN)

    • USN-390-3
    • evince-gtk vulnerability
    • 7 December 2006
    • USN-390-1
    • evince vulnerability
    • 30 November 2006
    • USN-390-2
    • evince vulnerability
    • 6 December 2006

Other references