CVE-2002-0838

Published: 10/10/2002 Updated: 18/10/2016
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 470
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in (1) gv 3.5.8 and previous versions, (2) gvv 1.0.2 and previous versions, (3) ggv 1.99.90 and previous versions, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and previous versions, allows malicious users to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.

Vulnerable Product

gv gv 2.7.6

gv gv 2.7b1

gv gv 3.0.4

gv gv 3.1.4

gv gv 3.5.8

ggv ggv 1.0.2

gv gv 2.7b2

gv gv 2.7b3

gv gv 3.1.6

gv gv 3.2.4

ghostview ghostview 1.4.1

ghostview ghostview 1.5

gv gv 2.9.4

gv gv 3.0.0

gv gv 3.4.3

gv gv 3.5.2

gv gv 3.5.3

ghostview ghostview 1.3

ghostview ghostview 1.4

gv gv 2.7b4

gv gv 2.7b5

gv gv 3.4.12

gv gv 3.4.2

Vendor Advisories

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in kghostview, which is part of the KDE-Graphics package. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to ...
Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in gnome-gv. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. T ...

Exploits

source: www.securityfocus.com/bid/5808/info. gv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems. It has been reported that an insecure sscanf() function exists in gv. Due to this function, an attacker may be able to put malicious code ...
source: www.securityfocus.com/bid/5808/info. gv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems. It has been reported that an insecure sscanf() function exists in gv. Due to this function, an attacker may be able to put malicious co ...