Gentoo Linux Security Advisory GLSA 200704-06 - Evince includes code from GNU gv that does not properly boundary check user-supplied data before copying it into process buffers. Versions less than 0.6.1-r3 are affected.
5cd09ec712e583e6a89ee7bf8d00ef98a0c093a99dc5ff09cd572db1b7bfa7e3Gentoo Linux Security Advisory GLSA 200703-24 - mgv includes code from gv that does not properly boundary check user-supplied data before copying it into process buffers. Versions less than or equal to 3.1.5 are affected.
6272a4d60ff8b787632640ce2e5805790eeb6dff23dbc79cac813e3ad511d60cDebian Security Advisory 1243-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow. Evince embeds a copy of gv and needs an update as well.
59b309a2e743b9753ae0975f2805f781a77e3e1cec2b5e23bf2c11ef5d354603Debian Security Advisory 1214-2 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow. The original update provided in DSA 1214-1 was insufficient; this update corrects this.
3ad038b7a8d216760848cb055cab23532027492d9af8f4c892e01003eb30cb69Ubuntu Security Notice 390-3 - USN-390-2 fixed vulnerabilities in evince. This update provides the corresponding update for evince-gtk. A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.
fb8e4b4eee4cbcdbfb0508079c28a845933456d3052b7044a5f1247a74785cfbUbuntu Security Notice 390-2 - USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations. A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.
c8982417d61f56f03ea5a7fcb43e8d05307c889dc83a018acb5f177d4d40a750Mandriva Linux Security Advisory - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
b0a8590ea11ba4afad9185f0a981496234a1d44af2df33534e836aa6a73fd319Ubuntu Security Notice 390-1 - A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.
4ff27831c73ace4a7dd7186a492469ef44e83021bd2cc275e38f7c5f69ece81eDebian Security Advisory 1214-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow.
16b6e3210d3ac75c90cf81ad1784813c76b78f9acdefad2ef7e69b79cd134bd1Mandriva Linux Security Advisory MDKSA-2006-214 - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
06e80cb29efde91a8d7185f5306406d55dac86ef801844102583064f2eb57e71
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed