Vulnerability Name: CVE-2002-0838 (CCN-10201) Assigned: 2002-09-26 Published: 2002-09-26 Updated: 2016-10-18 Summary: Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf. CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CALDERACSSA-2002-053.0 Linux: gv execution of arbitrary shell commands Exploitable Buffer Overflow in gv gv/kghostview CVE-2002-0838 CLA-2002:542 20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv 20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv 20021017 GLSA: ggv Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv ggv Updated packages fix PostScript and PDF security issue ggv security update Updated packages fix PostScript and PDF security issue Updated KDE packages fix security issues Sun Linux Security Vulnerability in "gv" ("Ghostview") Command http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security Red Hat Multiple Vulnerabilities in KDE DSA-176 DSA-179 DSA-182 gv -- buffer overflow gnome-gv -- buffer overflow kdegraphics -- buffer overflow gv: Exploitable Buffer Overflow gv-sscanf-function-bo(10201) gv contains buffer overflow in sscanf() function VU#600777 KGhostview Arbitary Code Execution http://www.kde.org/info/security/advisory-20021008-1.txt MDKSA-2002:069 MDKSA-2002:071 RHSA-2002:207 RHSA-2002:212 RHSA-2002:220 5808 GV Malformed PDF/PS File Buffer Overflow Vulnerability Ircd hybrid-6 Buffer Overflow Vulnerability gv-sscanf-function-bo(10201) Vulnerable Configuration: Configuration 1 :cpe:/a:ggv:ggv:1.0.2:*:*:*:*:*:*:* OR cpe:/a:ghostview:ghostview:1.3:*:*:*:*:*:*:* OR cpe:/a:ghostview:ghostview:1.4:*:*:*:*:*:*:* OR cpe:/a:ghostview:ghostview:1.4.1:*:*:*:*:*:*:* OR cpe:/a:ghostview:ghostview:1.5:*:*:*:*:*:*:* OR cpe:/a:gv:gv:2.7.6:*:*:*:*:*:*:* OR cpe:/a:gv:gv:2.7b1:*:*:*:*:*:*:* OR cpe:/a:gv:gv:2.7b2:*:*:*:*:*:*:* OR cpe:/a:gv:gv:2.7b3:*:*:*:*:*:*:* OR cpe:/a:gv:gv:2.7b4:*:*:*:*:*:*:* OR cpe:/a:gv:gv:2.7b5:*:*:*:*:*:*:* OR cpe:/a:gv:gv:2.9.4:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.0.0:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.0.4:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.1.4:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.1.6:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.2.4:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.4.2:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.4.3:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.4.12:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.5.2:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.5.3:*:*:*:*:*:*:* OR cpe:/a:gv:gv:3.5.8:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:gnu:gv:3.5.8:*:*:*:*:*:*:* AND cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:* OR cpe:/a:redhat:linux_powertools:7.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:* OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:* OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:* OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:* Oval Definitions BACK
ggv ggv 1.0.2
ghostview ghostview 1.3
ghostview ghostview 1.4
ghostview ghostview 1.4.1
ghostview ghostview 1.5
gv gv 2.7.6
gv gv 2.7b1
gv gv 2.7b2
gv gv 2.7b3
gv gv 2.7b4
gv gv 2.7b5
gv gv 2.9.4
gv gv 3.0.0
gv gv 3.0.4
gv gv 3.1.4
gv gv 3.1.6
gv gv 3.2.4
gv gv 3.4.2
gv gv 3.4.3
gv gv 3.4.12
gv gv 3.5.2
gv gv 3.5.3
gv gv 3.5.8
gnu gv 3.5.8
redhat linux 6.2
debian debian linux 2.2
redhat linux 7
conectiva linux 6.0
redhat linux 7.1
mandrakesoft mandrake linux 8.0
conectiva linux 7.0
mandrakesoft mandrake linux 8.1
redhat linux 7.2
redhat linux powertools 7.0
mandrakesoft mandrake linux 8.2
conectiva linux 8.0
redhat linux 7.3
debian debian linux 3.0
gentoo linux *
redhat linux 8.0
mandrakesoft mandrake linux 9.0
redhat enterprise linux 2.1
redhat linux advanced workstation 2.1
redhat linux 7.1
redhat linux 7.1
mandrakesoft mandrake linux 8.0
mandrakesoft mandrake linux 8.1
mandrakesoft mandrake linux 8.2
Denotes that component is vulnerable