GLSA-200704-06 : Evince: Stack overflow in included gv code
Medium Nessus Plugin ID 25019
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200704-06 (Evince: Stack overflow in included gv code).
Evince includes code from GNU gv that does not properly perform boundary checks on user-supplied data before copying it into process buffers.
An attacker could entice a user to open a specially crafted PostScript document with Evince and possibly execute arbitrary code with the rights of the user running Evince.
There is no known workaround at this time.
Solution
All Evince users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/evince-0.6.1-r3'