[KDE Security Advisory] kjs encodeuri/decodeuri heap overflow
Posted on: 01/20/2006 02:41 AM
KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability
Original Release Date: 2006-01-19
1. Systems affected:
KDE 3.2.0 up to including KDE 3.5.0
Maksim Orlovich discovered an incorrect bounds check in kjs,
parts of KDE, that allows a heap based buffer overflow
when decoding specially crafted UTF-8 encoded URI sequences.
and crash the web browser or execute arbitrary code.
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
Patch for KDE 3.4.0 - 3.5.0 is available from ftp://ftp.kde.org/pub/kde/security_patches
Patch for KDE 3.2.0 - 3.3.2 is available from ftp://ftp.kde.org/pub/kde/security_patches