CVE-2006-5864 - Undiscoverable Weenie
Description
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2 and possibly earlier versions allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments as demonstrated using the (1) DocumentMedia (2) DocumentPaperSizes and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
Reference
http://www.securityfocus.com/bid/20978 http://secunia.com/advisories/22787 http://www.debian.org/security/2006/dsa-1214 http://www.novell.com/linux/security/advisories/2006_26_sr.html http://secunia.com/advisories/23006 http://secunia.com/advisories/23018 http://security.gentoo.org/glsa/glsa-200611-20.xml http://secunia.com/advisories/23118 http://www.kb.cert.org/vuls/id/352825 http://secunia.com/advisories/23111 http://www.ubuntu.com/usn/usn-390-1 http://secunia.com/advisories/23183 http://www.ubuntu.com/usn/usn-390-2 http://www.ubuntu.com/usn/usn-390-3 http://secunia.com/advisories/23266 https://issues.rpath.com/browse/RPL-850 http://www.novell.com/linux/security/advisories/2006_28_sr.html http://secunia.com/advisories/23306 http://secunia.com/advisories/23353 http://secunia.com/advisories/23335 http://www.novell.com/linux/security/advisories/2006_29_sr.html http://secunia.com/advisories/23409 http://www.debian.org/security/2006/dsa-1243 http://secunia.com/advisories/23579 http://security.gentoo.org/glsa/glsa-200703-24.xml http://secunia.com/advisories/22932 http://security.gentoo.org/glsa/glsa-200704-06.xml http://secunia.com/advisories/24787 http://www.mandriva.com/security/advisories?name=MDKSA-2006:214 http://www.mandriva.com/security/advisories?name=MDKSA-2006:229 http://secunia.com/advisories/24649 http://www.vupen.com/english/advisories/2006/4424 http://www.vupen.com/english/advisories/2006/4747 https://exchange.xforce.ibmcloud.com/vulnerabilities/30555 https://exchange.xforce.ibmcloud.com/vulnerabilities/30153 https://www.exploit-db.com/exploits/2858 http://www.securityfocus.com/archive/1/452868/100/0/threaded http://www.securityfocus.com/archive/1/451422/100/200/threaded http://www.securityfocus.com/archive/1/451057/100/0/threaded