Bugtraq mailing list archives
[KDE Security Advisory] kpdf/xpdf heap based buffer overflow
From: Dirk Mueller <mueller () kde org>
Date: Fri, 3 Feb 2006 00:12:47 +0100
KDE Security Advisory: kpdf/xpdf heap based buffer overflow Original Release Date: 2006-02-02 URL: http://www.kde.org/info/security/advisory-20060202-1.txt 0. References CVE-2006-0301 1. Systems affected: KDE 3.4.0 up to including KDE 3.5.1 2. Overview: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code. 3. Impact: Remotely supplied pdf files can be used to execute arbitrary code on the client machine. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: Patch for KDE 3.4.3 is available from ftp://ftp.kde.org/pub/kde/security_patches : bc7dc2a5235f95a41fc1d7ab885899da post-3.5.1-kdegraphics-CVE-2006-0301.diff Patch for KDE 3.4.3 is available from ftp://ftp.kde.org/pub/kde/security_patches : ebbce0a49537b694932b3c0efcf18261 post-3.4.3-kdegraphics-CVE-2006-0301.diff
Attachment:
_bin
Description:
Current thread:
- [KDE Security Advisory] kpdf/xpdf heap based buffer overflow Dirk Mueller (Feb 03)
- Re: [KDE Security Advisory] kpdf/xpdf heap based buffer overflow Dirk Mueller (Feb 06)