Package name
evince
Date
2006-12-13
Advisory ID
MDKSA-2006:229
Affected versions
2007.0 x86_64 , 2007.0 i586

Problem description

Stack-based buffer overflow in ps.c for evince allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with
certain headers that contain long comments, as demonstrated using the
DocumentMedia header.

Packages have been patched to correct this issue.

Updated packages

2007.0 x86_64

 5d231a5f65991fe2383cdfc907425b77  2007.0/x86_64/evince-0.6.0-1.2mdv2007.0.x86_64.rpm 
 d8a6e0604fe5fff79909659bd2fa0136  2007.0/SRPMS/evince-0.6.0-1.2mdv2007.0.src.rpm

2007.0 i586

 9cac7456ee1b25c93bd73c430475baaf  2007.0/i586/evince-0.6.0-1.2mdv2007.0.i586.rpm 
 d8a6e0604fe5fff79909659bd2fa0136  2007.0/SRPMS/evince-0.6.0-1.2mdv2007.0.src.rpm

References