// For flags

CVE-2006-5864

Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

Desbordamiento de búfer basado en pila en la función ps_gettext en ps.c para GNU gv 3.6.2, y posiblemente versiones anteriores, permite a atacantes con la intervención del usuario ejecutar código de su elección mediante un fichero PostScript (PS) con determinadas cabeceras que contienen comentarios largos, como se ha demostrado usando las cabeceras (1) DocumentMedia, (2) DocumentPaperSizes, y posiblemente (3) PageMedia y (4) PaperSize. NOTA: este problema puede ser explotado a través de otros productos que utilicen gv tales como evince.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-11-10 CVE Reserved
  • 2006-11-11 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (39)
URL Tag Source
http://www.kb.cert.org/vuls/id/352825 Third Party Advisory
http://www.securityfocus.com/archive/1/451057/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/451422/100/200/threaded Mailing List
http://www.securityfocus.com/archive/1/452868/100/0/threaded Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/30153 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30555 Vdb Entry
https://issues.rpath.com/browse/RPL-850 X_refsource_confirm
URL Date SRC
https://www.exploit-db.com/exploits/2858 2024-08-07
http://www.securityfocus.com/bid/20978 2024-08-07
URL Date SRC
URL Date SRC
http://secunia.com/advisories/22787 2018-10-17
http://secunia.com/advisories/22932 2018-10-17
http://secunia.com/advisories/23006 2018-10-17
http://secunia.com/advisories/23018 2018-10-17
http://secunia.com/advisories/23111 2018-10-17
http://secunia.com/advisories/23118 2018-10-17
http://secunia.com/advisories/23183 2018-10-17
http://secunia.com/advisories/23266 2018-10-17
http://secunia.com/advisories/23306 2018-10-17
http://secunia.com/advisories/23335 2018-10-17
http://secunia.com/advisories/23353 2018-10-17
http://secunia.com/advisories/23409 2018-10-17
http://secunia.com/advisories/23579 2018-10-17
http://secunia.com/advisories/24649 2018-10-17
http://secunia.com/advisories/24787 2018-10-17
http://security.gentoo.org/glsa/glsa-200611-20.xml 2018-10-17
http://security.gentoo.org/glsa/glsa-200703-24.xml 2018-10-17
http://security.gentoo.org/glsa/glsa-200704-06.xml 2018-10-17
http://www.debian.org/security/2006/dsa-1214 2018-10-17
http://www.debian.org/security/2006/dsa-1243 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:214 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:229 2018-10-17
http://www.novell.com/linux/security/advisories/2006_26_sr.html 2018-10-17
http://www.novell.com/linux/security/advisories/2006_28_sr.html 2018-10-17
http://www.novell.com/linux/security/advisories/2006_29_sr.html 2018-10-17
http://www.ubuntu.com/usn/usn-390-1 2018-10-17
http://www.ubuntu.com/usn/usn-390-2 2018-10-17
http://www.ubuntu.com/usn/usn-390-3 2018-10-17
http://www.vupen.com/english/advisories/2006/4424 2018-10-17
http://www.vupen.com/english/advisories/2006/4747 2018-10-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnu
Search vendor "Gnu"
 Gv
Search vendor "Gnu" for product "Gv"
 3.5.8
Search vendor "Gnu" for product "Gv" and version "3.5.8"
-
Affected
Gnu
Search vendor "Gnu"
 Gv
Search vendor "Gnu" for product "Gv"
 3.6.0
Search vendor "Gnu" for product "Gv" and version "3.6.0"
-
Affected
Gnu
Search vendor "Gnu"
 Gv
Search vendor "Gnu" for product "Gv"
 3.6.1
Search vendor "Gnu" for product "Gv" and version "3.6.1"
-
Affected
Gnu
Search vendor "Gnu"
 Gv
Search vendor "Gnu" for product "Gv"
 3.6.2
Search vendor "Gnu" for product "Gv" and version "3.6.2"
-
Affected