Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gv | gv | 2.7b5 |
| gv | gv | 3.4.2 |
| gv | gv | 2.7b1 |
| gv | gv | 3.4.3 |
| gv | gv | 2.9.4 |
| gv | gv | 3.0.4 |
| gv | gv | 2.7.6 |
| gv | gv | 3.5.2 |
| gv | gv | 2.7b4 |
| ghostview | ghostview | 1.3 |
| gv | gv | 3.5.3 |
| ghostview | ghostview | 1.4.1 |
| gv | gv | 2.7b3 |
| gv | gv | 3.0.0 |
| gv | gv | 3.1.4 |
| ghostview | ghostview | 1.4 |
| ghostview | ghostview | 1.5 |
| gv | gv | 2.7b2 |
| gv | gv | 3.1.6 |
| gv | gv | 3.2.4 |
| gv | gv | 3.4.12 |
| gv | gv | 3.5.8 |
| ggv | ggv | 1.0.2 |
gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gv | gv | 2.7b5 |
| gv | gv | 3.4.2 |
| gv | gv | 2.7b1 |
| gv | gv | 3.4.3 |
| gv | gv | 2.9.4 |
| gv | gv | 3.0.4 |
| gv | gv | 2.7.6 |
| gv | gv | 3.5.2 |
| gv | gv | 2.7b4 |
| ghostview | ghostview | 1.3 |
| gv | gv | 3.5.3 |
| ghostview | ghostview | 1.4.1 |
| gv | gv | 2.7b3 |
| gv | gv | 3.0.0 |
| gv | gv | 3.1.4 |
| ghostview | ghostview | 1.4 |
| ghostview | ghostview | 1.5 |
| gv | gv | 2.7b2 |
| gv | gv | 3.1.6 |
| gv | gv | 3.2.4 |
| gv | gv | 3.4.12 |
| gv | gv | 3.5.8 |
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gv | gv | 2.7b5 |
| gv | gv | 3.4.2 |
| gv | gv | 2.7b1 |
| gv | gv | 3.4.3 |
| gv | gv | 2.9.4 |
| gv | gv | 3.0.4 |
| gv | gv | 2.7.6 |
| gv | gv | 3.5.2 |
| gv | gv | 2.7b4 |
| gv | gv | 3.5.3 |
| gv | gv | 2.7b3 |
| gv | gv | 3.0.0 |
| gv | gv | 3.1.4 |
| gv | gv | 2.7b2 |
| gv | gv | 3.1.6 |
| gv | gv | 3.2.4 |
| gv | gv | 3.4.12 |
| gv | gv | 3.5.8 |