Bug#291994: "Decrypt::makeFileKey2()" Buffer Overflow
Package: kpdf
Version: 3.x
Severity: grave
Tags: security sarge sid patch
The version in woody is not affected by this problem.
TITLE:
KDE kpdf "Decrypt::makeFileKey2()" Buffer Overflow
SECUNIA ADVISORY ID:
SA13916
VERIFY ADVISORY:
http://secunia.com/advisories/13916/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
KDE 3.x
http://secunia.com/product/219/
DESCRIPTION:
The vendor has acknowledged a vulnerability in kpdf, which can be
exploited by malicious people to compromise a user's system.
For more information:
SA13903
SOLUTION:
Apply patches.
KDE 3.2.3:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdegraphics-3.diff
KDE 3.3.2:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdegraphics-3.diff
ORIGINAL ADVISORY:
http://www.kde.org/info/security/advisory-20050119-1.txt
OTHER REFERENCES:
SA13903:
http://secunia.com/advisories/13903/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Reply to: