KDE KHTML PNG Processing Buffer Overflow Vulnerability - Security - World -
CWRedLight
(Date : 30.04.2008 22:58:17)


KDE KHTML PNG Processing Buffer Overflow Vulnerability
Secunia Advisory: SA29980  
Release Date: 2008-04-28

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

Software: KDE 4.x

CVE reference: CVE-2008-1670 (Secunia mirror)
Description:
A vulnerability has been reported in KDE, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in KHTML when processing PNG files. This can be exploited to cause a heap-based buffer overflow via a specially crafted PNG file included in e.g. a malicious web page.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in KHTML included in KDE versions 4.0 through 4.0.3.
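
The advisory does not say where in KHTML's PNG code the boundary error lies. As an added example (not KDE's code or its patch), the C checker below shows the defensive pattern for this bug class: every length and dimension declared inside an untrusted PNG is validated against the bytes actually present before a decoder uses it. The function name, error codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PNG_OK = 0, PNG_BAD_SIG = -1, PNG_TRUNCATED = -2, PNG_BAD_IHDR = -3, PNG_NO_IEND = -4 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the chunk list of an untrusted PNG without ever reading past buf+len. */
int png_check_chunks(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    if (len < 8 || memcmp(buf, sig, 8) != 0) return PNG_BAD_SIG;
    size_t off = 8;
    int first = 1;
    while (len - off >= 12) {                 /* room for length + type + CRC */
        uint32_t clen = be32(buf + off);      /* attacker-controlled length */
        const uint8_t *type = buf + off + 4;
        /* Compare against the bytes left, never off + clen: a huge declared
           length must not be able to wrap the arithmetic. */
        if (clen > len - off - 12) return PNG_TRUNCATED;
        if (first) {                          /* IHDR must come first, 13 bytes */
            if (memcmp(type, "IHDR", 4) != 0 || clen != 13) return PNG_BAD_IHDR;
            uint32_t w = be32(buf + off + 8), h = be32(buf + off + 12);
            if (w == 0 || h == 0 || w > 0x7fffffff || h > 0x7fffffff) return PNG_BAD_IHDR;
            first = 0;
        }
        if (memcmp(type, "IEND", 4) == 0) return PNG_OK;
        off += 12 + (size_t)clen;             /* safe: clen was bounded above */
    }
    return PNG_NO_IEND;
}

/* Constructed samples; CRC fields are zeroed because this checker skips CRCs. */
static const uint8_t sample_ok[] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 2, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0};
/* Same header, then an IDAT chunk declaring 0xFFFFFFF0 bytes it does not have. */
static const uint8_t sample_bad[] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 2, 0, 0, 0, 0, 0, 0, 0,
    0xff, 0xff, 0xff, 0xf0, 'I', 'D', 'A', 'T', 0, 0, 0, 0, 0, 0, 0, 0};

int main(void) {
    printf("ok=%d bad=%d\n", png_check_chunks(sample_ok, sizeof sample_ok),
           png_check_chunks(sample_bad, sizeof sample_bad));
    return 0;
}
```

A structural pre-check like this narrows what reaches the decoder but does not replace the vendor patch for the affected KDE versions.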

Solution:
Apply vendor patch.
ftp://ftp.kde.org/pub/kde/security_patches/post-kde-4.0.3-khtml.diff

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.kde.org/info/security/advisory-20080426-1.txt


Source: http://secunia.com/advisories/29980/