CVE-2002-0838
Published 2002-10-10
Priority P4 · 25 · medium · 4.6 · CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.02% (78.6th percentile)
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
Affected
28 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gv | < gv 1:3.5.8-27 (bookworm) | gv 1:3.5.8-27 (bookworm) |
| ggv | ggv | — | — |
| ghostview | ghostview | — | — |
| ghostview | ghostview | — | — |
| ghostview | ghostview | — | — |
| ghostview | ghostview | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | — | — |
| gv | gv | >= 0 < 1:3.5.8-27 | 1:3.5.8-27 |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 MEDIUM
vendor_debian · 4.6 MEDIUM
vendor_redhat · 4.6 MEDIUM
Red Hat
security flaw
vendor_redhat·2002-09-26·CVSS 4.6
Debian
CVE-2002-0838: gv - Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv ...
vendor_debian·2002·CVSS 4.6
Scope: local
bookworm: resolved (fixed in 1:3.5.8-27)
bullseye: resolved (fixed in 1:3.5.8-27)
forky: resolved (fixed in 1:3.5.8-27)
sid: resolved (fixed in 1:3.5.8-27)
trixie: resolved (fixed in 1:3.5.8-27)
Red Hat
CVE-2004-1717: Multiple buffer overflows in the psscan function in ps
vendor_redhat·CVSS 4.6
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
Statement: This CVE is a duplicate (rediscovery) of CVE-2002-0838
GHSA
GHSA-8534-65wr-c3fm: Buffer overflow in (1) gv 3
ghsa_unreviewed·2022-05-03
OSV
CVE-2002-0838: Buffer overflow in (1) gv 3
osv·2002-10-10·CVSS 4.6
No detection rules found.
Exploit-DB
GV 2.x/3.x - '.PDF'/'.PS' File Buffer Overflow (2)
exploitdb·2002-09-26
---
// source: https://www.securityfocus.com/bid/5808/info
gv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems.
It has been reported that an insecure sscanf() function exists in gv. Due to this function, an attacker may be able to put malicious code in the %%PageOrder: portion of a file. When this malicious file is opened with gv, the code would be executed in the security context of the user opening the file.
/*
* gv postscript viewer exploit , infamous42md AT hotpop DOT com
*
* run of the mill bof. spawns a remote shell on port 7000. woopty doo. if
* someone has been able to exploit the heap overflow in cfengine, please email
*
Exploit-DB
GV 2.x/3.x - '.PDF'/'.PS' File Buffer Overflow (1)
exploitdb·2002-09-26
---
// source: https://www.securityfocus.com/bid/5808/info
// gv
#define STDALIGN 264 // Standard align
#define SCBUF 800 // Shellcode buffer size
#define GARBAGE 100 // Garbage for the end
// of the evil_buffer
#define NOP 'G' // instead of "\x90"
// Copyright (c) Ramon de Carv
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542
http://marc.info/?l=bugtraq&m=103305615613319&w=2
http://marc.info/?l=bugtraq&m=103305778615625&w=2
http://marc.info/?l=bugtraq&m=103487806800388&w=2
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security
http://www.debian.org/security/2002/dsa-176
http://www.debian.org/security/2002/dsa-179
http://www.debian.org/security/2002/dsa-182
http://www.iss.net/security_center/static/10201.php
http://www.kb.cert.org/vuls/id/600777
http://www.kde.org/info/security/advisory-20021008-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2002:069
http://www.mandriva.com/security/advisories?name=MDKSA-2002:071
http://www.redhat.com/support/errata/RHSA-2002-207.html
http://www.redhat.com/support/errata/RHSA-2002-212.html
http://www.redhat.com/support/errata/RHSA-2002-220.html
http://www.securityfocus.com/bid/5808