openbsd-ports

cpet/openbsd-ports

Fork 0

Commit Graph

Author	SHA1	Message	Date
brad	78171009d1	Fix another security issue with gv. Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier. Under this vulnerability, an attacker can create a carefully crafted, malformed PDF or PostScript file that, when viewed using gv, executes arbitrary commands on the system. http://marc.theaimsgroup.com/?l=bugtraq&m=103428425111983&w=2	2002-10-26 21:48:07 +00:00
brad	36a9392a98	Fix security issue with gv. When GV detects that the document is either a PDF file or a GZip compressed file, it executes some commands with the help of the system() function. Unfortunately, these commands contain the filename, which can be considered as untrusted user input. It is then possible to distribute a file (with a meticulously chosen filename, that even seems innocent) that causes execution of arbitrary shell commands when it is read with GV. http://www.epita.fr/~bevand_m/asa/asa-0000	2002-10-04 18:29:14 +00:00

Author

SHA1

Message

Date

brad

78171009d1

Fix another security issue with gv.

Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier.

Under this vulnerability, an attacker can create a carefully crafted,
malformed PDF or PostScript file that, when viewed using gv, executes
arbitrary commands on the system.

http://marc.theaimsgroup.com/?l=bugtraq&m=103428425111983&w=2

2002-10-26 21:48:07 +00:00

brad

36a9392a98

Fix security issue with gv.

When GV detects that the document is either a PDF file or a
GZip compressed file, it executes some commands with the help of the
system() function. Unfortunately, these commands contain the
filename, which can be considered as untrusted user input. It is then
possible to distribute a file (with a meticulously chosen filename,
that even seems innocent) that causes execution of arbitrary
shell commands when it is read with GV.

http://www.epita.fr/~bevand_m/asa/asa-0000

2002-10-04 18:29:14 +00:00

2 Commits