blob: 4187a07a47029728e793e586ed1060743677d3b8 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200611-20">
<title>GNU gv: Stack overflow</title>
GNU gv improperly handles user-supplied data possibly allowing for the
execution of arbitrary code.
<product type="ebuild">gv</product>
<announced>November 24, 2006</announced>
<revised>November 24, 2006: 01</revised>
<package name="app-text/gv" auto="yes" arch="*">
<unaffected range="ge">3.6.2-r1</unaffected>
<vulnerable range="lt">3.6.2-r1</vulnerable>
GNU gv is a viewer for PostScript and PDF documents.
GNU gv does not properly boundary check user-supplied data before
copying it into process buffers.
<impact type="normal">
An attacker could entice a user to open a specially crafted document
with GNU gv and execute arbitrary code with the rights of the user on
the system.
There is no known workaround at this time.
All gv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-text/gv-3.6.2-r1&quot;</code>
<uri link="">CVE-2006-5864</uri>
<metadata tag="requester" timestamp="Tue, 21 Nov 2006 06:07:37 +0000">
<metadata tag="submitter" timestamp="Tue, 21 Nov 2006 14:27:05 +0000">
<metadata tag="bugReady" timestamp="Fri, 24 Nov 2006 20:18:52 +0000">