CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2010-2056 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2010-2056
22 Jul 2010 — GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. GNU gv anterior a v3.7.0 permite a usuarios locales sobrescribir ficheros a su elección mediante un ataque de enlace simbólico en un archivo temporal. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 94%CPEs: 4EXPL: 2CVE-2006-5864 – Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-5864
11 Nov 2006 — Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince. Desbordamiento de búfer basado en pila en la función ps_get... • https://www.exploit-db.com/exploits/2858 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 3CVE-2004-1717 – GV PostScript Viewer - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1717
16 Aug 2004 — Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value. • https://www.exploit-db.com/exploits/390 •
CVSS: 9.8EPSS: 12%CPEs: 22EXPL: 1CVE-2002-1569
https://notcve.org/view.php?id=CVE-2002-1569
25 Oct 2003 — gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file. gv 3.5.8, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaractéres de shell en el nombre de fichero de un fichero PDF o GZIP. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0033.html •
CVSS: 7.8EPSS: 1%CPEs: 23EXPL: 3CVE-2002-0838 – GV 2.x/3.x - '.PDF'/'.PS' File Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0838
01 Oct 2002 — Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf. Desbordamiento de Buffer en gv 3.5.8 y anteriores, y gvv 1.0.2 y anteriores, que permite a los atacantes la ejecución arbitraria de código vía ficheros PDF o PostScript con caberceras erroneas al ser proce... • https://www.exploit-db.com/exploits/21871 •