Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5864: Improper Restriction of Operations within the Bounds of a Memory Buffer in GV

Severity
5.1 MEDIUM (NVD)
EPSS
30.7%
top 3.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 11
Latest update: May 1

Description

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4

Affected Packages (3 packages)

Debian: gnome/evince < 0.4.0-3 +3
Debian: gv/gv < 1:3.6.2-3 +3
NVD: gnu/gv 4 versions +3

🔴Vulnerability Details

3
GHSA
GHSA-c7wv-85x6-hmhm: Stack-based buffer overflow in the ps_gettext function in ps (2022-05-01)
OSV
CVE-2006-5864: Stack-based buffer overflow in the ps_gettext function in ps (2006-11-11)
CVEList
CVE-2006-5864: Stack-based buffer overflow in the ps_gettext function in ps (2006-11-11)

💥Exploits & PoCs

1
Exploit-DB
Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow (2006-11-28)

📋Vendor Advisories

5
Ubuntu
evince-gtk vulnerability (2006-12-07)
Ubuntu
evince vulnerability (2006-12-06)
Ubuntu
evince vulnerability (2006-11-30)
Red Hat
CVE-2006-5864 evince contains a buffer overflow in get_next_text() (2006-11-29)
Debian
CVE-2006-5864: evince - Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2,... (2006)

💬Community

5
Bugzilla
CVE-2006-5864 evince contains a buffer overflow in get_next_text() (2006-11-29)
Bugzilla
CVE-2006-5864 evince contains a buffer overflow in get_next_text() (2006-11-29)
Bugzilla
CVE-2006-5864 GNU gv contains a buffer overflow in gettext() (2006-11-14)
Bugzilla
CVE-2006-5864: gv (ghostview) <= 3.6.2 stack-based buffer overflow (2006-11-13)
Bugzilla
CVE-2006-5864: gv <= 3.6.2 stack-based buffer overflow (2006-11-11)
CVE-2006-5864 — GNU GV vulnerability | cvebase