ID CVE-2002-0838
Summary Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
References
Vulnerable Configurations
  • cpe:2.3:a:ggv:ggv:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ggv:ggv:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ghostview:ghostview:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:ghostview:ghostview:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ghostview:ghostview:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:ghostview:ghostview:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ghostview:ghostview:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:ghostview:ghostview:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ghostview:ghostview:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:ghostview:ghostview:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:2.7b1:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:2.7b1:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:2.7b2:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:2.7b2:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:2.7b3:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:2.7b3:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:2.7b4:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:2.7b4:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:2.7b5:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:2.7b5:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:2.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gv:gv:3.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:gv:gv:3.5.8:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 18-10-2016 - 02:22)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2002:207
  • rhsa
    id RHSA-2002:212
  • rhsa
    id RHSA-2002:220
refmap via4
bid 5808
bugtraq
  • 20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
  • 20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
  • 20021017 GLSA: ggv
caldera CSSA-2002-053.0
cert-vn VU#600777
conectiva CLA-2002:542
confirm
debian
  • DSA-176
  • DSA-179
  • DSA-182
mandrake
  • MDKSA-2002:069
  • MDKSA-2002:071
xf gv-sscanf-function-bo(10201)
Last major update 18-10-2016 - 02:22
Published 10-10-2002 - 04:00
Last modified 18-10-2016 - 02:22
Back to Top