Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[KDE Security Advisory]: kimgio input validation errors

From: Dirk Mueller (dirkkde.org)
Date: Thu Apr 21 2005 - 19:04:31 CDT

KDE Security Advisory: kimgio input validation errors
Original Release Date: 2005-04-21
URL: http://www.kde.org/info/security/advisory-20050421-1.txt

0. References


1. Systems affected:

        kdelibs as shipped with KDE 3.2 up to including KDE 3.4.

2. Overview:

        kimgio contains a PCX image file format reader that does
        not properly perform input validation. A source code audit
        performed by the KDE security team discovered several
        vulnerabilities in the PCX and other image file format
        readers, some of them exploitable to execute arbitrary

3. Impact:

        Remotly supplied, specially crafted image files can be used
        to execute arbitrary code.

4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.

5. Patch:

        A patch for KDE 3.4.0 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        78473d4dad612e6617eb6652eec2ab80 post-3.4.0-kdelibs-kimgio.diff

        A patch for KDE 3.3.2 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        8366d0e5c8101c315a0bdafac54536d6 post-3.3.2-kdelibs-kimgio.diff

6. Time line and credits:

        24/03/2005 Notification of KDE by Bruno Rohee
        21/04/2005 Coordinated Public Disclosure