Explore top 10 tips to secure your open-source projects now. Read More
×Gentoo Linux Security Advisory GLSA 200703-24
https://security.gentoo.org/
Severity: Normal
Title: mgv: Stack overflow in included gv code
Date: March 26, 2007
Bugs: #154645
ID: 200703-24
Synopsis
=======
mgv improperly handles user-supplied data possibly allowing for the
execution of arbitrary code.
Background
=========
mgv is a Postscript viewer with a Motif interface, based on Ghostview
and GNU gv.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/mgv <= 3.1.5 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
==========
mgv includes code from gv that does not properly boundary check
user-supplied data before copying it into process buffers.
Impact
=====
An attacker could entice a user to open a specially crafted Postscript
docu...
style>.gentoo_availability{display:block;}
Get the latest Linux and open source security news straight to your inbox.