Vulnerability Note VU#600777
gv contains buffer overflow in sscanf() function
A remotely exploitable buffer overflow vulnerability exists in gv. gv allows a user to view and navigate PostScript and PDF documents by providing an interface to the Ghostscript interpreter. This vulnerability can allow a remote attacker to execute arbitrary code on a vulnerable host.
A remote attacker can execute arbitrary code on a vulnerable host with the privileges of the victim.
Apply a patch.
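The bug class named in the title, an unbounded `%s` conversion in `sscanf()` writing into a fixed-size buffer, is illustrated below next to a bounded form. This is an added example, not gv's source or any vendor's patch; the `%%Title:` header line, `parse_title` and `TITLE_MAX` are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define TITLE_MAX   64          /* destination capacity, including the NUL */
#define TITLE_WIDTH 63          /* field width for %s: TITLE_MAX - 1 */
#define STR2(x) #x
#define STR(x) STR2(x)
_Static_assert(TITLE_WIDTH == TITLE_MAX - 1, "width must leave room for NUL");

/* Unsafe pattern (comment only): an unbounded %s copies as many non-space
 * bytes as the document supplies, whatever the size of `title`:
 *     sscanf(line, "%%%%Title: %s", title);                               */

/* Hypothetical hardened parser for a "%%Title: <word>" header line.
 * Returns 0 on success, -1 if the line does not match, -2 if the token
 * is too long for the buffer (rejected rather than silently truncated). */
int parse_title(const char *line, char title[TITLE_MAX])
{
    int consumed = 0;
    title[0] = '\0';
    /* %63s stores at most 63 bytes plus the NUL; %n records how far the
     * scan got so an over-long token can be detected afterwards. */
    if (sscanf(line, "%%%%Title: %" STR(TITLE_WIDTH) "s%n", title, &consumed) != 1)
        return -1;
    /* A non-whitespace byte right after the token means it was cut short. */
    char next = line[consumed];
    if (next != '\0' && next != ' ' && next != '\t' && next != '\n' && next != '\r') {
        title[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char title[TITLE_MAX], big[256] = "%%Title: ";
    memset(big + strlen(big), 'A', 100);   /* constructed over-long token */
    printf("%d\n", parse_title("%%Title: report\n", title));
    printf("%d\n", parse_title(big, title));
    return 0;
}
```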
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | - | 17 Oct 2002 |
| Gentoo Linux | Affected | - | 17 Oct 2002 |
| KDE Desktop Environment Project | Affected | - | 17 Oct 2002 |
| Red Hat Inc. | Affected | - | 17 Oct 2002 |
Thanks to David Endler for reporting this vulnerability.
This document was written by Ian A Finlay.
- CVE IDs: CAN-2002-0838
- Date Public: 26 Sep 2002
- Date First Published: 17 Oct 2002
- Date Last Updated: 17 Oct 2002
- Severity Metric: 16.50
- Document Revision: 13