DEBIAN-CVE-2006-5864

Advisory lineage Upstream: 1 Downstream: 3

Upstream

CVE-2006-5864

Downstream

DSA-1214-1 DSA-1214-2 DSA-1243-1

Published: 11 Nov 2006, 01:07

Last modified:20 Nov 2025, 05:01

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Nov 2006, 01:07

Published

Vulnerability first disclosed

20 Nov 2025, 05:01

Last Modified

Vulnerability information updated

Description

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

Affected Systems

debian•evince
< 0.4.0-3 | < 0.4.0-3 | < 0.4.0-3 | < 0.4.0-3
debian•gv
< 1:3.6.2-3 | < 1:3.6.2-3 | < 1:3.6.2-3 | < 1:3.6.2-3

References (1)

https://security-tracker.debian.org/tracker/CVE-2006-5864