K-Special

Name of the Vulnerable Software and Affected Versions: GNU gv version 3.6.2 GNU gv versions prior to 3.6.2 Description: The issue is related to a stack-based buffer overflow in the ps gettext function, which can be exploited by user-assisted attackers through a PostScript (PS) file with certain headers containing long comments. This can lead to the execution of arbitrary code. The affected headers include `DocumentMedia`, `DocumentPaperSizes`, and possibly `PageMedia` and `PaperSize`. This issue can also be exploited through other products that use gv, such as evince. Additionally, there are multiple vulnerabilities in the gv package that can lead to confidentiality, integrity, and availability breaches, and these can be exploited remotely. Recommendations: For GNU gv version 3.6.2, update to a newer version that contains a fix for this issue. For GNU gv versions prior to 3.6.2, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the `ps gettext` function in the ps.c file until a patch is available. Avoid using the `DocumentMedia`, `DocumentPaperSizes`, `PageMedia`, and `PaperSize` headers in PostScript files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** iShopCart (affected versions not specified) **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in easy-scart.cgi. This is achieved by including a .. (dot dot) in the query string. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iShopCart versions prior to the version that fixes the issue in easy-scart.c through easy-scart6.c **Description** The issue is related to multiple buffer overflows in the `vGetPost` and `main` functions. Remote attackers can execute arbitrary code by sending a large amount of data containing "Submit" in an `sslinvoice` action. Additionally, remote attackers can have an unknown impact via a large amount of posted data. **Recommendations** For iShopCart versions prior to the version that fixes the issue in easy-scart.c through easy-scart6.c, consider disabling the `vGetPost` and `main` functions in easy-scart.c through easy-scart6.c as a temporary workaround until a patch is available. Restrict access to the `sslinvoice` action to minimize the risk of exploitation. Avoid using the `sslinvoice` action with a large amount of posted data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.