cbcvebase.
CVE-2006-5864
published 2006-11-11

CVE-2006-5864: Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute…

PriorityP334medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
14.84%
96.3th percentile
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

Affected

14 ranges
VendorProductVersion rangeFixed in
debianevince< evince 0.4.0-3 (bookworm)evince 0.4.0-3 (bookworm)
debiangv< evince 0.4.0-3 (bookworm)evince 0.4.0-3 (bookworm)
gnomeevince>= 0 < 0.4.0-30.4.0-3
gnomeevince>= 0 < 0.4.0-30.4.0-3
gnomeevince>= 0 < 0.4.0-30.4.0-3
gnomeevince>= 0 < 0.4.0-30.4.0-3
gnugv
gnugv
gnugv
gnugv
gvgv>= 0 < 1:3.6.2-31:3.6.2-3
gvgv>= 0 < 1:3.6.2-31:3.6.2-3
gvgv>= 0 < 1:3.6.2-31:3.6.2-3
gvgv>= 0 < 1:3.6.2-31:3.6.2-3

CVSS provenance

nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
osv5.1MEDIUM
vendor_debian5.1MEDIUM
vendor_redhat5.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.