Package: evince Version: 0.4.0-2+b2 Severity: important Tags: security A vulnerability has been discovered in Evince, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "get_next_text()" function in ps/ps.c. This can be exploited to cause a buffer overflow by e.g. tricking a user into opening a specially crafted PostScript file. The vulnerability is confirmed in version 0.6.1. Other versions may also be affected. Maybe evince 0.4.0-2+b2 and 0.4.0-2+b3 it vulnerable If not I will close this bug. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-2-486 Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
