CVE-2006-5864

⚪ Do wiadomości

Przepełnienie bufora w GNU gv umożliwia wykonanie dowolnego kodu przez złośliwe pliki PS.

CVSS

5.1

EPSS

30.7%

Exploit

poc

Vendor

gnu

Opis źródłowy (NVD)

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

buffer-overflow exploit Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	5.1
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	30.7%
Opublikowano (NVD)	2006-11-11 01:07:00 UTC
Ostatnia modyfikacja (NVD)	2026-04-23 00:35:47 UTC

Referencje

http://secunia.com/advisories/22787 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/22932 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23006 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23018 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23111 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23118 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23183 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23266 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23306 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23335 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23353 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23409 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/23579 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/24649 (cve@mitre.org) [Vendor Advisory]
http://secunia.com/advisories/24787 (cve@mitre.org) [Vendor Advisory]
http://security.gentoo.org/glsa/glsa-200611-20.xml (cve@mitre.org)
http://security.gentoo.org/glsa/glsa-200703-24.xml (cve@mitre.org)
http://security.gentoo.org/glsa/glsa-200704-06.xml (cve@mitre.org)
http://www.debian.org/security/2006/dsa-1214 (cve@mitre.org)
http://www.debian.org/security/2006/dsa-1243 (cve@mitre.org)
http://www.kb.cert.org/vuls/id/352825 (cve@mitre.org) [US Government Resource]
http://www.mandriva.com/security/advisories?name=MDKSA-2006:214 (cve@mitre.org)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:229 (cve@mitre.org)
http://www.novell.com/linux/security/advisories/2006_26_sr.html (cve@mitre.org)
http://www.novell.com/linux/security/advisories/2006_28_sr.html (cve@mitre.org)
http://www.novell.com/linux/security/advisories/2006_29_sr.html (cve@mitre.org)
http://www.securityfocus.com/archive/1/451057/100/0/threaded (cve@mitre.org)
http://www.securityfocus.com/archive/1/451422/100/200/threaded (cve@mitre.org)
http://www.securityfocus.com/archive/1/452868/100/0/threaded (cve@mitre.org)
http://www.securityfocus.com/bid/20978 (cve@mitre.org) [Exploit]
http://www.ubuntu.com/usn/usn-390-1 (cve@mitre.org)
http://www.ubuntu.com/usn/usn-390-2 (cve@mitre.org)
http://www.ubuntu.com/usn/usn-390-3 (cve@mitre.org)
http://www.vupen.com/english/advisories/2006/4424 (cve@mitre.org) [Vendor Advisory]
http://www.vupen.com/english/advisories/2006/4747 (cve@mitre.org) [Vendor Advisory]
https://exchange.xforce.ibmcloud.com/vulnerabilities/30153 (cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30555 (cve@mitre.org)
https://issues.rpath.com/browse/RPL-850 (cve@mitre.org)
https://www.exploit-db.com/exploits/2858 (cve@mitre.org)