Bug 380191 - crash in Document Viewer (CVE-2006-5864)
Status: RESOLVED FIXED
Product: evince
Classification: Core
Component: general
Version: 0.6.x
Hardware: Other All
Importance: High critical
Target Milestone: ---
Assigned To: Evince Maintainers
QA Contact: Evince Maintainers
Duplicates: 383485
Depends on:
Blocks:
 
 
Reported: 2006-11-28 16:17 UTC by Simon Danner
Modified: 2018-08-01 16:01 UTC
See Also:
GNOME target: ---
GNOME version: 2.15/2.16


Attachments
Document that crashes evince (550 bytes, application/postscript)
2006-11-29 16:02 UTC, Simon Danner

Description Simon Danner 2006-11-28 16:17:57 UTC
Version: 0.6.1

What were you doing when the application crashed?



Distribution: Ubuntu 6.10 (edgy)
Gnome Release: 2.16.1 2006-10-02 (Ubuntu)
BugBuddy Version: 2.16.0

Memory status: size: 56008704 vsize: 0 resident: 56008704 share: 0 rss: 15110144 rss_rlim: 0
CPU usage: start_time: 1164730401 rtime: 0 utime: 74 stime: 0 cutime:66 cstime: 0 timeout: 8 it_real_value: 0 frequency: 0

Backtrace was generated from '/usr/bin/evince'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1229556048 (LWP 4750)]
[New Thread -1231168608 (LWP 4752)]
(no debugging symbols found)
0xffffe410 in __kernel_vsyscall ()

Thread 2 (Thread -1231168608 (LWP 4752))

  • #0 __kernel_vsyscall
  • #1 __waitpid_nocancel
    from /lib/tls/i686/cmov/libpthread.so.0
  • #2 gnome_gtk_module_info_get
    from /usr/lib/libgnomeui-2.so.0
  • #3 <signal handler called>
  • #4 __kernel_vsyscall
  • #5 raise
    from /lib/tls/i686/cmov/libc.so.6
  • #6 abort
    from /lib/tls/i686/cmov/libc.so.6
  • #7 __fsetlocking
    from /lib/tls/i686/cmov/libc.so.6
  • #8 __stack_chk_fail
    from /lib/tls/i686/cmov/libc.so.6
  • #9 error
  • #10 error
  • #11 ??
  • #12 ??
  • #13 _IO_stdin_used
  • #14 ??
  • #15 ??
  • #16 ??
  • #17 ??
  • #18 _dl_debug_state
    from /lib/ld-linux.so.2
  • #19 ??
  • #20 ??
  • #21 ??
  • #22 ??
  • #23 ??

Comment 1 André Klapper 2006-11-29 00:07:50 UTC
Thanks for the bug report. Unfortunately, it lacks some information that may help us in finding the cause of the bug. Can you, if possible, attach the file causing the crash? Also, this may be a Poppler bug (the backend used by Evince to render PDF); could you please supply the poppler version and type? You can find it in the Help->About menu in Evince.
Comment 2 Simon Danner 2006-11-29 16:02:27 UTC
Created attachment 77345
Document that crashes evince
Comment 3 Simon Danner 2006-11-29 16:04:19 UTC
The poppler version is 0.5.4 (splash).
I got this document when using this exploit:
http://www.milw0rm.com/exploits/2858
Comment 4 Nickolay V. Shmyrev 2006-11-30 07:38:35 UTC
Yes, I can also reproduce it, thanks a lot for reporting. It's purely an evince bug, since it is a PostScript document.
Comment 5 Carlos Garcia Campos 2006-11-30 13:53:14 UTC
I've just committed a fix to cvs head and gnome-2-16 branch. Thanks a lot for the bug report.
Comment 6 Carlos Garcia Campos 2006-12-08 12:34:03 UTC
*** Bug 383485 has been marked as a duplicate of this bug. ***