Vulnerability DatabaseCVE-2006-5864
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2006-5864
November 11, 2006
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
Related Resources (40)
http://secunia.com/advisories/23111
http://www.securityfocus.com/archive/1/452868/100/0/threaded
http://www.vupen.com/english/advisories/2006/4424
https://people.canonical.com/~ubuntu-security/cve/CVE-2006-5864
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://security.gentoo.org/glsa/glsa-200704-06.xml
http://secunia.com/advisories/23353
http://www.securityfocus.com/archive/1/451422/100/200/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/30153
http://secunia.com/advisories/23183
http://www.vupen.com/english/advisories/2006/4747
http://www.ubuntu.com/usn/usn-390-1
http://www.securityfocus.com/archive/1/451057/100/0/threaded
http://secunia.com/advisories/22932
http://secunia.com/advisories/24649
http://security.gentoo.org/glsa/glsa-200611-20.xml
http://www.securityfocus.com/bid/20978
http://www.ubuntu.com/usn/usn-390-3
http://secunia.com/advisories/22787
http://secunia.com/advisories/23118
http://www.debian.org/security/2006/dsa-1214
http://www.debian.org/security/2006/dsa-1243
https://exchange.xforce.ibmcloud.com/vulnerabilities/30555
http://www.ubuntu.com/usn/usn-390-2
http://secunia.com/advisories/23018
http://security.gentoo.org/glsa/glsa-200703-24.xml
https://issues.rpath.com/browse/RPL-850
http://secunia.com/advisories/23335
http://secunia.com/advisories/23579
http://secunia.com/advisories/23306
http://secunia.com/advisories/23409
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://secunia.com/advisories/24787
http://www.novell.com/linux/security/advisories/2006_29_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:229
http://www.mandriva.com/security/advisories?name=MDKSA-2006:214
http://secunia.com/advisories/23006
http://secunia.com/advisories/23266
http://www.kb.cert.org/vuls/id/352825
https://www.exploit-db.com/exploits/2858
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
5.1
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
EPSS
Base Score:
32.79