Bug 383485 - vulnerable to overflow in get_next_text (CVE-2006-5864)
Status: RESOLVED DUPLICATE of bug 380191
Product: evince
Classification: Core
Component: backends
Version: unspecified
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: Evince Maintainers
QA Contact: Evince Maintainers
Reported: 2006-12-07 19:34 UTC by Kees Cook
Modified: 2006-12-08 12:34 UTC
GNOME target: ---
GNOME version: ---


Attachments
patch to abort on overflow (780 bytes, patch)
2006-12-07 19:36 UTC, Kees Cook

Description Kees Cook 2006-12-07 19:34:58 UTC
In the code from "gv" in the ps/ tree, ps.c's get_next_text is vulnerable to an overflow.  Viewing a specially crafted PS file can lead to arbitrary code execution:

http://www.milw0rm.com/exploits/2858

This is also tracked as CVE-2006-5864:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864

Attached is a patch against 0.6.1 that solves the problem.
Comment 1 Kees Cook 2006-12-07 19:36:05 UTC
Created attachment 77917
patch to abort on overflow
Comment 2 Carlos Garcia Campos 2006-12-08 12:34:03 UTC
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.


*** This bug has been marked as a duplicate of 380191 ***