Advertisement

Latest News

[ Windows | Linux | Apple ]

· Libreoffice 4.0.3 released and PPA installation instructions included
· MySQL 5.5.31 for Debian Squeeze
· Gigabyte Intel Z87 Motherboard Lineup Preview and more
· Microsoft to roll out Xbox dashboard UI alterations before next-gen console
· Adobe Photoshop Express now available for Windows 8 and RT
· GNOME 3.8.2 Released
· Windows 8 is an enterprise 'non-starter' because IT sees no value in changes
· What to Expect from Unity in Ubuntu 13.10
· Analysts praise Nokia's new Lumia 925
· Best Business Laptops - May 2013 and more

Upcoming News

· Sumo Lounge Emperor
· Gigabyte Intel Z87 Motherboard Lineup Preview
· [ANNOUNCE] libchamplain 0.12.4
· [security-announce] SUSE-SU-2013:0810-1: important: Security update for oracle-update
· [security-announce] SUSE-SU-2013:0811-1: important: Security update for oracle-update
· [security-announce] SUSE-SU-2013:0809-1: important: Security update for Acrobat Reader
· Rosewill RDEE-12002 USB 3.0 Hard Drive Enclosure @ techPowerUp
· ASUS M5A97 R2.0 Motherboard @ Hardware Secrets
· Samsung Galaxy S4 Smartphone Review @ HardwareHeaven.com
· [RHSA-2013:0832-01] Important: kernel security update

Linux Compatibility

· Dell Dimension 9100
· CL-CAM50001 UPC=3700284609322
· DFE 520 TX
· nVidia GeForce4 MX 440
· Gore: Ultimate Soldier
· SMC2802W V2 wi-fi 54Mbps PCI card
· Wireless modem router N300
· Dell P780
· ASUS A7V8X
· BricsCAD for Linux

New Forum Topics

· shutdown link ?
by: estirwent
on: 2013-05-11 17:46
18 replies, 6323 views

· Laptop keyboard drank soda
by: Zenn
on: 2013-04-30 00:27
1 replies, 638 views

· connecting to to internet with ubuntu
by: Zenn
on: 2013-04-30 00:26
2 replies, 4491 views

· Need Linux-compatible PS/2 expansion card
by: Zenn
on: 2013-04-30 00:26
1 replies, 702 views

· irql_not_less_or_equal blue screen
by: Zenn
on: 2013-04-30 00:25
2 replies, 1090 views

News Channels

· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android

What's New

Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

kpdf Buffer Overflow Vulnerability

Posted by Philipp Esselbach on: 01/19/2005 03:50 PM [ Print | 0 comment(s) ]

KDE Security Advisory: kpdf Buffer Overflow Vulnerability
Original Release Date: 2005-01-19
URL: http://www.kde.org/info/security/advisory-20050119-1.txt

0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186type=vulnerabilities

1. Systems affected:

KDE 3.2 up to including KDE 3.2.3.
KDE 3.3 up to including KDE 3.3.2.

2. Overview:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.

3. Impact:

Remotely supplied pdf files can be used to execute arbitrary code on the client machine.

4. Solution:

Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.

5. Patch:

Patch for KDE 3.2.3 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

fc6fc7fa6886d6ff19037e7547846990 post-3.2.3-kdegraphics-3.diff

Patch for KDE 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

fc6fc7fa6886d6ff19037e7547846990 post-3.3.2-kdegraphics-3.diff

6. Time line and credits:

19/01/2005 KDE Security Team alerted by Carsten Lohrke
19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches prepared.
19/01/2005 Public disclosure.

All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2013 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition