|Description||Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: remote)|
|Debian Bugs||398292, 400904, 400906, 402063|
Vulnerable and fixed packages
The table below lists information on source packages.
|evince (PTS)||jessie (security), jessie||3.14.1-2+deb8u2||fixed|
|evince (PTS)||stretch (security), stretch||3.22.1-3+deb9u1||fixed|
|gv (PTS)||buster, sid, jessie, stretch||1:3.7.4-1||fixed|
The information below is based on the following data on fixed versions.