Vulnerability Note VU#352825
GNU gv buffer overflow vulnerability
A buffer overflow vulnerability exists in the GNU gv viewer application. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.
From the GNU gv website:
GNU gv allows to view and navigate through PostScript and PDF documents on an X display by providing a user interface for the ghostscript interpreter.
Note that GNU gv is maintained and packaged by many vendors. See the Systems Affected section of this document for a list of vendors who distribute GNU gv.
A remote, unauthenticated attacker may be able to execute code with the privileges of the user running GNU gv.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian GNU/Linux | Affected | - | 28 Nov 2006 |
| Gentoo Linux | Affected | 28 Nov 2006 | 29 Nov 2006 |
| Juniper Networks, Inc. | Not Affected | 28 Nov 2006 | 28 Nov 2006 |
| Microsoft Corporation | Not Affected | 28 Nov 2006 | 28 Nov 2006 |
| NetBSD | Not Affected | 28 Nov 2006 | 29 Nov 2006 |
| Openwall GNU/*/Linux | Not Affected | 28 Nov 2006 | 01 Dec 2006 |
| Apple Computer, Inc. | Unknown | 28 Nov 2006 | 28 Nov 2006 |
| Conectiva Inc. | Unknown | 28 Nov 2006 | 28 Nov 2006 |
| Cray Inc. | Unknown | 28 Nov 2006 | 28 Nov 2006 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 28 Nov 2006 | 28 Nov 2006 |
| Engarde Secure Linux | Unknown | 28 Nov 2006 | 28 Nov 2006 |
| F5 Networks, Inc. | Unknown | 28 Nov 2006 | 28 Nov 2006 |
| Fedora Project | Unknown | 28 Nov 2006 | 28 Nov 2006 |
| FreeBSD, Inc. | Unknown | 28 Nov 2006 | 28 Nov 2006 |
| Fujitsu | Unknown | 28 Nov 2006 | 28 Nov 2006 |
This vulnerability was publicly reported by Renaud Lifchitz.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-5864
- Date Public: 09 Nov 2006
- Date First Published: 28 Nov 2006
- Date Last Updated: 01 Dec 2006
- Severity Metric: 0.10
- Document Revision: 34