CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2010-2056 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2010-2056
22 Jul 2010 — GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. GNU gv anterior a v3.7.0 permite a usuarios locales sobrescribir ficheros a su elección mediante un ataque de enlace simbólico en un archivo temporal. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 94%CPEs: 4EXPL: 2CVE-2006-5864 – Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-5864
11 Nov 2006 — Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince. Desbordamiento de búfer basado en pila en la función ps_get... • https://www.exploit-db.com/exploits/2858 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •