paul

Advisories MDVSA-2010:229: kdegraphics


Multiple vulnerabilities were discovered and corrected in kdegraphics:

The Gfx::getPos function in the PDF parser in kdegraphics allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in kdegraphics allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption (CVE-2010-3704).

The updated packages have been patched to correct these issues.
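The bug class behind CVE-2010-3704, a signed index validated only against its upper bound, is shown below as an added illustration; it is not the kdegraphics code or the actual patch. The function names, the 256-slot table and the sample entry lines are assumptions constructed for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256        /* assumed: one slot per character code */
#define GLYPH_NAME_MAX 63   /* assumed limit on glyph name length */

/* Weak check: only the upper bound is tested, so a negative signed
 * index passes. Kept as a predicate; it never indexes memory. */
int weak_index_ok(int code) { return code < ENC_SIZE; }

/* Hardened check: both bounds are tested before the index is used. */
int strict_index_ok(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse one constructed entry "dup <code> /<name> put" and store the
 * name in table[code]. Returns 0 on success, -1 on any rejection. */
int parse_encoding_entry(const char *line,
                         char table[ENC_SIZE][GLYPH_NAME_MAX + 1])
{
    if (strncmp(line, "dup ", 4) != 0) return -1;
    const char *p = line + 4;
    char *end;
    errno = 0;
    long code = strtol(p, &end, 10);   /* unlike atoi, reports overflow */
    if (end == p || errno == ERANGE) return -1;
    if (!strict_index_ok(code)) return -1;   /* rejects -1, 256, ... */
    while (*end == ' ') end++;
    if (*end != '/') return -1;
    const char *name = end + 1;
    size_t len = strcspn(name, " \t\r\n");
    if (len == 0 || len > GLYPH_NAME_MAX) return -1;
    memcpy(table[code], name, len);
    table[code][len] = '\0';
    return 0;
}

int main(void)
{
    static char table[ENC_SIZE][GLYPH_NAME_MAX + 1];
    /* Constructed sample entries, not taken from a real font. */
    const char *lines[] = { "dup 65 /A put", "dup -1 /A put", "dup 256 /A put" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-16s -> %s\n", lines[i],
               parse_encoding_entry(lines[i], table) == 0 ? "stored" : "rejected");
    return 0;
}
```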
