1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Candidate: CVE-2010-2575
PublicDate: 2010-08-30
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2575
Description:
Heap-based buffer overflow in the RLE decompression functionality in the
TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp
in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary code
via a crafted image in a PDB file.
Ubuntu-Description:
Notes:
sbeattie> patch/cve notification from jriddell
sbeattie> kpdf (the precursor to okular) does not appear to be
affected
Bugs:
Priority: medium
Discovered-by: Stefan Cornelius of Secunia Research
Assigned-to: Steve Beattie
Patches_kdegraphics:
upstream: http://websvn.kde.org/?view=revision&revision=1167827
upstream_kdegraphics: released
dapper_kdegraphics: not-affected (kpdf)
hardy_kdegraphics: not-affected (kpdf)
jaunty_kdegraphics: released (4:4.2.2-0ubuntu2.1)
karmic_kdegraphics: released (4:4.3.2-0ubuntu1.1)
lucid_kdegraphics: released (4:4.4.2-0ubuntu1.1)
devel_kdegraphics: released (4:4.5.0b-0ubuntu3)
|