CVE-2002-0838

gv 3.5.8 - Buffer Overflow via Malformed PDF or PostScript File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-0838. PoCs published by infamous42md, zen-parse.

AI-analyzed exploit summary This exploit leverages a buffer overflow in gv's handling of the %%PageOrder field via an insecure sscanf() function. It generates a malicious PostScript file that, when opened, executes shellcode to spawn a remote shell on port 7000.

Description

Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.

Exploits (2)

exploitdb WORKING POC VERIFIED

by infamous42md · clocallinux

https://www.exploit-db.com/exploits/21872

View Code ZIP pw:eip

This exploit leverages a buffer overflow in gv's handling of the %%PageOrder field via an insecure sscanf() function. It generates a malicious PostScript file that, when opened, executes shellcode to spawn a remote shell on port 7000.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: gv (PostScript/PDF viewer)

No auth needed

Prerequisites: Ability to deliver malicious PostScript file to target · Target must open the file with vulnerable gv version

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by zen-parse · clocallinux

https://www.exploit-db.com/exploits/21871

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in gv <= 3.5.8 via a maliciously crafted %%PageOrder field in a PDF/PS file. It uses a bind shell shellcode to execute arbitrary code in the context of the user opening the file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: gv <= 3.5.8

No auth needed

Prerequisites: Victim must open the malicious PDF/PS file with gv

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2002/dsa-179

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2002:069

Various Sources x_refsource_confirm

http://www.kde.org/info/security/advisory-20021008-1.txt

Various Sources vendor-advisory x_refsource_caldera

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2002/dsa-182

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=103305615613319&w=2

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2002:071

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5808

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2002/dsa-176

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10201.php

Patch, Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-212.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-220.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2002-207.html

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/600777

Vendor Advisory x_refsource_confirm

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=103487806800388&w=2

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=103305778615625&w=2

Scores

EPSS 0.0203

EPSS Percentile 78.5%

Details

Status published

Products (23)

ggv/ggv 1.0.2

ghostview/ghostview 1.3

ghostview/ghostview 1.4

ghostview/ghostview 1.4.1

ghostview/ghostview 1.5

gv/gv 2.7.6

gv/gv 2.7b1

gv/gv 2.7b2

gv/gv 2.7b3

gv/gv 2.7b4

... and 13 more

Published Oct 10, 2002

Tracked Since Feb 18, 2026