This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gnu First view 2006-11-10
Product Gv Last view 2010-07-22
Version 3.5.8 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:gnu:gv

Activity : Overall

Related : CVE

  Date Alert Description
3.3 2010-07-22 CVE-2010-2056

GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

5.1 2006-11-10 CVE-2006-5864

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Open Source Vulnerability Database (OSVDB)

id Description
66249 gv Unspecified PDF File Processing Temporary File Symlink Arbitrary File Over...
30274 GNU gv ps.c ps_gettext() Function Overflow

OpenVAS Exploits

id Description
2010-08-30 Name : Mandriva Update for gv MDVSA-2010:159 (gv)
File : nvt/gb_mandriva_MDVSA_2010_159.nasl
2010-07-12 Name : Fedora Update for gv FEDORA-2010-10642
File : nvt/gb_fedora_2010_10642_gv_fc13.nasl
2010-07-12 Name : Fedora Update for gv FEDORA-2010-10660
File : nvt/gb_fedora_2010_10660_gv_fc12.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200611-20 (gv)
File : nvt/glsa_200611_20.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200703-24 (mgv)
File : nvt/glsa_200703_24.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200704-06 (evince)
File : nvt/glsa_200704_06.nasl
2008-09-04 Name : FreeBSD Ports: evince
File : nvt/freebsd_evince.nasl
2008-01-17 Name : Debian Security Advisory DSA 1214-1 (gv)
File : nvt/deb_1214_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1214-2 (gv)
File : nvt/deb_1214_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1243-1 (evince)
File : nvt/deb_1243_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Gnu gv buffer overflow attempt
RuleID : 9619 - Type : FILE-OTHER - Revision : 6

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2010-08-24 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2010-159.nasl - Type: ACT_GATHER_INFO
2010-07-09 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10642.nasl - Type: ACT_GATHER_INFO
2010-07-09 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10660.nasl - Type: ACT_GATHER_INFO
2007-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_gv-2267.nasl - Type: ACT_GATHER_INFO
2007-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_evince-2358.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-390-3.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-390-2.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-390-1.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_gv-2266.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_evince-2362.nasl - Type: ACT_GATHER_INFO
2007-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200704-06.nasl - Type: ACT_GATHER_INFO
2007-04-05 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200703-24.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2006-214.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2006-229.nasl - Type: ACT_GATHER_INFO
2007-01-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-1438.nasl - Type: ACT_GATHER_INFO
2007-01-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-1437.nasl - Type: ACT_GATHER_INFO
2006-12-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1243.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_779a2d558ba811db81d500123ffe8333.nasl - Type: ACT_GATHER_INFO
2006-11-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200611-20.nasl - Type: ACT_GATHER_INFO
2006-11-22 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1214.nasl - Type: ACT_GATHER_INFO