kdegraphics: Denial of Service Vulnerability

Users of kdegraphics please be advised of a denial of service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

MDVSA-2010:229: [MDVSA-2010:229] kdegraphics
Problem Description:

Multiple vulnerabilities were discovered and corrected in kdegraphics:

The Gfx::getPos function in the PDF parser in kdegraphics, allows

context-dependent attackers to cause a denial of service (crash)

via unknown vectors that trigger an uninitialized pointer dereference

(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

in kdegraphics, allows context-dependent attackers to cause a denial

of service (crash) and possibly execute arbitrary code via a PDF

file with a crafted Type1 font that contains a negative array index,

which bypasses input validation and which triggers memory corruption

(CVE-2010-3704).


Read more at http://www.criticalwatch.com

 

Advertisements