blob: 7cd4c11b515555f94c37a132698e7a29516189f1 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200704-06">
<title>Evince: Stack overflow in included gv code</title>
Evince improperly handles user-supplied data possibly allowing for the
execution of arbitrary code.
<product type="ebuild">evince</product>
<announced>April 06, 2007</announced>
<revised>April 06, 2007: 01</revised>
<package name="app-text/evince" auto="yes" arch="*">
<unaffected range="ge">0.6.1-r3</unaffected>
<vulnerable range="lt">0.6.1-r3</vulnerable>
Evince is a document viewer for multiple document formats, including
Evince includes code from GNU gv that does not properly boundary check
user-supplied data before copying it into process buffers.
<impact type="normal">
An attacker could entice a user to open a specially crafted PostScript
document with Evince and possibly execute arbitrary code with the
rights of the user running Evince.
There is no known workaround at this time.
All Evince users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-text/evince-0.6.1-r3&quot;</code>
<uri link="">CVE-2006-5864</uri>
<uri link="/security/en/glsa/glsa-200611-20.xml">GLSA-200611-20</uri>
<metadata tag="requester" timestamp="Thu, 29 Mar 2007 16:08:33 +0000">
<metadata tag="submitter" timestamp="Mon, 02 Apr 2007 13:26:04 +0000">
<metadata tag="bugReady" timestamp="Tue, 03 Apr 2007 22:29:26 +0000">