CVE-2002-0838: Buffer Overflow
First published: Tue Oct 01 2002(Updated: )
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GeoVision | =3.4.2 | |
| Ghostview | =1.5 | |
| GeoVision | =3.5.2 | |
| GeoVision | =3.1.4 | |
| GeoVision | =3.4.12 | |
| GeoVision | =2.7b4 | |
| GeoVision | =3.5.3 | |
| GeoVision | =3.2.4 | |
| GeoVision | =2.9.4 | |
| GeoVision | =2.7b1 | |
| Ghostview | =1.4.1 | |
| GeoVision | =2.7b5 | |
| GeoVision | =3.1.6 | |
| Ggv | =1.0.2 | |
| GeoVision | =2.7.6 | |
| GeoVision | =3.0.0 | |
| Ghostview | =1.3 | |
| GeoVision | =3.0.4 | |
| GeoVision | =3.4.3 | |
| GeoVision | =2.7b3 | |
| GeoVision | =3.5.8 | |
| GeoVision | =2.7b2 | |
| Ghostview | =1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2002-212.html
- http://www.securityfocus.com/bid/5808
- http://www.iss.net/security_center/static/10201.php
- http://www.kb.cert.org/vuls/id/600777
- http://www.redhat.com/support/errata/RHSA-2002-207.html
- http://www.redhat.com/support/errata/RHSA-2002-220.html
- http://www.debian.org/security/2002/dsa-176
- http://www.debian.org/security/2002/dsa-179
- http://www.debian.org/security/2002/dsa-182
- http://www.kde.org/info/security/advisory-20021008-1.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:069
- http://www.mandriva.com/security/advisories?name=MDKSA-2002:071
- http://marc.info/?l=bugtraq&m=103305615613319&w=2
- http://marc.info/?l=bugtraq&m=103487806800388&w=2
- http://marc.info/?l=bugtraq&m=103305778615625&w=2
Frequently Asked Questions
What is the severity of CVE-2002-0838?
CVE-2002-0838 has a high severity due to the potential for remote code execution.
How do I fix CVE-2002-0838?
To fix CVE-2002-0838, upgrade gv to version 3.5.9 or later, and ensure other affected software is updated accordingly.
What versions are impacted by CVE-2002-0838?
CVE-2002-0838 affects gv versions 3.5.8 and earlier, gvv 1.0.2 and earlier, and earlier versions of gnome-gv and kghostview.
What types of files exploit CVE-2002-0838?
CVE-2002-0838 can be exploited through malformed PDF or PostScript files.
Is CVE-2002-0838 still a concern today?
While CVE-2002-0838 was reported in 2002, systems using affected versions of the software may still be at risk if not updated.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/gv
- canonical/geovision
- version/geovision/3.4.2
- vendor/ghostview
- canonical/ghostview
- version/ghostview/1.5
- version/geovision/3.5.2
- version/geovision/3.1.4
- version/geovision/3.4.12
- version/geovision/2.7b4
- version/geovision/3.5.3
- version/geovision/3.2.4
- version/geovision/2.9.4
- version/geovision/2.7b1
- version/ghostview/1.4.1
- version/geovision/2.7b5
- version/geovision/3.1.6
- vendor/ggv
- canonical/ggv
- version/ggv/1.0.2
- version/geovision/2.7.6
- version/geovision/3.0.0
- version/ghostview/1.3
- version/geovision/3.0.4
- version/geovision/3.4.3
- version/geovision/2.7b3
- version/geovision/3.5.8
- version/geovision/2.7b2
- version/ghostview/1.4