blob: ec85a580186822fbc4436ce21952b6c637127ccd [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200408-10">
<title>gv: Exploitable Buffer Overflow</title>
gv contains an exploitable buffer overflow that allows an attacker to
execute arbitrary code.
<product type="ebuild">gv</product>
<announced>August 12, 2004</announced>
<revised>August 12, 2004: 01</revised>
<package name="app-text/gv" auto="yes" arch="*">
<unaffected range="ge">3.5.8-r4</unaffected>
<vulnerable range="le">3.5.8-r3</vulnerable>
gv is a PostScript and PDF viewer for X which provides a user interface for
the ghostscript interpreter.
gv contains a buffer overflow vulnerability where an unsafe sscanf() call
is used to interpret PDF and PostScript files.
<impact type="normal">
By enticing a user to view a malformed PDF or PostScript file an attacker
could execute arbitrary code with the permissions of the user running gv.
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of gv.
All gv users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-text/gv-3.5.8-r4"
# emerge ">=app-text/gv-3.5.8-r4"</code>
<uri link="">CAN-2002-0838</uri>
<metadata tag="requester" timestamp="Thu, 5 Aug 2004 09:15:36 +0000">
<metadata tag="submitter" timestamp="Sun, 8 Aug 2004 20:43:19 +0000">