US-CERT Vulnerability Notes Database

Vulnerability Note VU#600777

gv contains buffer overflow in sscanf() function

Overview

A remotely exploitable buffer overflow vulnerability exists in gv.

I. Description

A remotely exploitable buffer overflow vulnerability exists in gv, in its use of the sscanf() function. gv allows a user to view and navigate PostScript and PDF documents by providing an interface to the Ghostscript interpreter. This vulnerability can allow a remote attacker to execute arbitrary code on a vulnerable host.
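The defect class named in the title, as an added illustration that is not gv's source and not taken from the advisory: an sscanf() call with an unbounded `%s` conversion next to a width-bounded form that rejects over-long input. The function names, the `%%PageOrder:` header line and the 31-byte limit are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 31                 /* hypothetical limit for this example */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Unsafe pattern, shown for comparison and never called: "%s" has no field
 * width, so sscanf() copies every non-whitespace byte of the input into
 * `text`, however small the caller's buffer is. */
int parse_order_unsafe(const char *line, char *text)
{
    return sscanf(line, "%%%%PageOrder: %s", text);
}

/* Bounded form: the width caps the copy at TOKEN_LEN bytes plus the NUL,
 * and %n records where scanning stopped so an over-long token is rejected
 * instead of being silently truncated.
 * Returns 0 on success, -1 if the line does not match, -2 if too long. */
int parse_order_safe(const char *line, char text[TOKEN_LEN + 1])
{
    int end = 0;

    text[0] = '\0';
    if (sscanf(line, "%%%%PageOrder: %" STR(TOKEN_LEN) "s%n", text, &end) != 1)
        return -1;
    /* A cut token leaves a non-whitespace byte right after the scan. */
    if (line[end] != '\0' && strchr(" \t\r\n", line[end]) == NULL) {
        text[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char text[TOKEN_LEN + 1];
    char line[512] = "%%PageOrder: ";          /* constructed sample input */

    printf("%d\n", parse_order_safe("%%PageOrder: Ascend\n", text)); /* valid */
    memset(line + strlen(line), 'A', 400);     /* over-long token, NUL kept */
    printf("%d\n", parse_order_safe(line, text));
    return 0;
}
```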

II. Impact

A remote attacker can execute arbitrary code on a vulnerable host with the privileges of the victim.

III. Solution

Apply a patch.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Debian | Vulnerable | 17-Oct-2002
Gentoo Linux | Vulnerable | 17-Oct-2002
KDE Desktop Environment Project | Vulnerable | 17-Oct-2002
Red Hat Inc. | Vulnerable | 17-Oct-2002

References

http://www.idefense.com/advisory/09.26.02.txt
http://wwwthep.physik.uni-mainz.de/~plass/gv/
http://rhn.redhat.com/errata/RHSA-2002-207.html
http://marc.theaimsgroup.com/?l=bugtraq&m=103305615613319&w=2

Credit

Thanks to David Endler for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

Date Public: 2002-09-26
Date First Published: 2002-10-17
Date Last Updated: 2002-10-17
CERT Advisory:
CVE-ID(s): CAN-2002-0838
NVD-ID(s): CAN-2002-0838
US-CERT Technical Alerts:
Severity Metric: 16.50
Document Revision: 13

Copyright 2002 Carnegie Mellon University