Bug#304465: kdelibs4: Invalid calculation of PCX image properties possibly permits arbitrary code execution

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#304465: kdelibs4: Invalid calculation of PCX image properties possibly permits arbitrary code execution
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 13 Apr 2005 12:32:08 +0200
Message-id: <E1DLfAG-0001wx-OQ@localhost.localdomain>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 304465@bugs.debian.org

Package: kdelibs4
Severity: grave
Tags: security
Justification: user security hole

Invalid range checking in PCX header parsing possibly permits execution
of arbitrary code. Please see http://bugs.kde.org/show_bug.cgi?id=102328
for a full description, a crafted test image and a patch from Waldo Bastian
(so there's probably a pending KDE security advisory).

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Reply to:

Follow-Ups:
- Bug#304465: marked as done (kdelibs4: Invalid calculation of PCX image properties possibly permits arbitrary code execution)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#252412: kopete: Reproduced with more details
Next by Date: Bug#304550: kmail: Signatures made by Apple Mail shown as bad when Mutt and Thunderbird show them as good
Previous by thread: Bug#252412: kopete: Reproduced with more details
Next by thread: Bug#304465: marked as done (kdelibs4: Invalid calculation of PCX image properties possibly permits arbitrary code execution)
Index(es):
- Date
- Thread