evince

• Author: voroskoi
• Vulnerable: 0.6.0-1
• Unaffected: 0.6.0-2siwenna1

A vulnerability has been discovered in Evince, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the “get_next_text()” function in ps/ps.c. This can be exploited to cause a buffer overflow by e.g. tricking a user into opening a specially crafted PostScript file.

• Bug Tracker URL: http://bugs.frugalware.org/task/1500

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864