KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Posted on: 01/21/2005 05:13 AM

KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Original Release Date: 2005-01-20
URL: http://www.kde.org/info/security/advisory-20050120-1.txt

0. References

1. Systems affected:

KOffice 1.3 up to including KOffice 1.3.5

2. Overview:

The KOffice PDF Import Filter shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.

3. Impact:

Remotely supplied pdf files can be used to execute arbitrary code on the client machine when the user opens such file in KOffice.

4. Solution:

Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.

5. Patch:

Patch for KOffice 1.3.5 is available from

ftp://ftp.kde.org/pub/kde/security_patches :

0e6194cbfe3f6d3b3c848c2c76ef5bfb post-1.3.5-koffice.diff

6. Time line and credits:

19/01/2005 KDE Security Team alerted by Carsten Lohrke
19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches prepared.

20/01/2005 Public disclosure.

Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/kde_security_advisory_koffice_pdf_import_filter_vulnerability.html)