kpdf Buffer Overflow Vulnerability
Posted on: 01/19/2005 04:50 PM
KDE Security Advisory: kpdf Buffer Overflow Vulnerability
Original Release Date: 2005-01-19
0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064http://www.idefense.com/application/poi/display?id=186type=vulnerabilities
1. Systems affected:
KDE 3.2 up to including KDE 3.2.3.
KDE 3.3 up to including KDE 3.3.2.
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.
Remotely supplied pdf files can be used to execute arbitrary code on the client machine.
Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.
Patch for KDE 3.2.3 is available from
Patch for KDE 3.3.2 is available from
6. Time line and credits:
19/01/2005 KDE Security Team alerted by Carsten Lohrke
19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches prepared.
19/01/2005 Public disclosure.