CVE-2006-5864

Name of the Vulnerable Software and Affected Versions: GNU gv version 3.6.2 GNU gv versions prior to 3.6.2

Description: The issue is related to a stack-based buffer overflow in the ps gettext function, which can be exploited by user-assisted attackers through a PostScript (PS) file with certain headers containing long comments. This can lead to the execution of arbitrary code. The affected headers include DocumentMedia, DocumentPaperSizes, and possibly PageMedia and PaperSize. This issue can also be exploited through other products that use gv, such as evince. Additionally, there are multiple vulnerabilities in the gv package that can lead to confidentiality, integrity, and availability breaches, and these can be exploited remotely.

Recommendations: For GNU gv version 3.6.2, update to a newer version that contains a fix for this issue. For GNU gv versions prior to 3.6.2, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the ps gettext function in the ps.c file until a patch is available. Avoid using the DocumentMedia, DocumentPaperSizes, PageMedia, and PaperSize headers in PostScript files until the issue is resolved.