Bug#304465: kdelibs4: Invalid calculation of PCX image properties possibly permits arbitrary code execution
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Bug#304465: kdelibs4: Invalid calculation of PCX image properties possibly permits arbitrary code execution
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Wed, 13 Apr 2005 12:32:08 +0200
- Message-id: <E1DLfAG-0001wx-OQ@localhost.localdomain>
- Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 304465@bugs.debian.org
Package: kdelibs4
Severity: grave
Tags: security
Justification: user security hole
Invalid range checking in PCX header parsing possibly permits execution
of arbitrary code. Please see http://bugs.kde.org/show_bug.cgi?id=102328
for a full description, a crafted test image and a patch from Waldo Bastian
(so there's probably a pending KDE security advisory).
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Reply to: