Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in kghostview which is part of the KDE-Graphics package. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. This problem has been fixed in version 2.2.2-6.8 for the current stable distribution (woody) and in version 2.2.2-6.9 for the unstable distribution (sid). The old stable distribution (potato) is not affected since no KDE is included. We recommend that you upgrade your kghostview package.
Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in kghostview which is part of the KDE-Graphics package. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.
This problem has been fixed in version 2.2.2-6.8 for the current stable distribution (woody) and in version 2.2.2-6.9 for the unstable distribution (sid). The old stable distribution (potato) is not affected since no KDE is included.
We recommend that you upgrade your kghostview package.
MD5 checksums of the listed files are available in the original advisory.