Philipp Hullmann

**Name of the Vulnerable Software and Affected Versions** kde-i18n-Japanese version 2.2.2 kdemultimedia version 2.2.2 kde-i18n-Spanish version 2.2.2 kde-i18n-German version 2.2.2 kde-i18n-Chinese version 2.2.2 kde-i18n-Korean version 2.2.2 kde-i18n-Bulgarian version 2.2.2 kdevelop version 2.0.2 kde-i18n-Xhosa version 2.2.2 kdenetwork version 2.2.2 libkonq-dev (affected versions not specified) kdeadmin version 2.2.2 kde-i18n-Turkish version 2.2.2 kde-i18n-Chinese-Big5 (affected versions not specified) kde-i18n-Latvian version 2.2.2 kdebase-audiolibs (affected versions not specified) kdewallpapers (affected versions not specified) kde-i18n-Azerbaijani version 2.2.2 kde-i18n version 2.2.2 kde-i18n-Ukrainian version 2.2.2 kde-i18n-Finnish version 2.2.2 kde-i18n-Maltese version 2.2.2 kde-i18n-Italian version 2.2.2 kde-i18n-Hungarian version 2.2.2 kde-i18n-Portuguese version 2.2.2 kde-i18n-Slovak version 2.2.2 kde-i18n-Lithuanian version 2.2.2 kde-i18n-Afrikaans version 2.2.2 kdepim version 2.2.2 kdebase-libs (affected versions not specified) kde-i18n-Dutch version 2.2.2 kde-i18n-Norwegian version 2.2.2 kde-i18n-Norwegian-Nynorsk version 2.2.2 kde-i18n-British version 2.2.2 kde-i18n-Icelandic version 2.2.2 kdesupport version 2.2 kde-i18n-Tamil version 2.2.2 kde-i18n-Romanian version 2.2.2 kde-i18n-Slovenian version 2.2.2 kde-i18n-Danish version 2.2.2 kde-i18n-Hebrew version 2.2.2 libkonq3 (affected versions not specified) kde-i18n-Thai version 2.2.2 kde-i18n-Greek version 2.2.2 kdeutils version 2.2.2 kde-i18n-Czech version 2.2.2 kde-i18n-Serbian version 2.2.2 kde-i18n-Polish version 2.2.2 kdesdk version 2.2.2 kde-i18n-Brazil version 2.2.2 kde-i18n-Russian version 2.2.2 kde-i18n-French version 2.2.2 kde-i18n-Esperanto version 2.2.2 kdegraphics version 2.2.2 kde-i18n-Swedish version 2.2.2 kde-i18n-Estonian version 2.2.2 kdebindings version 2.2.2 KDE versions prior to 3.1.1 **Description** The issue is related to multiple vulnerabilities in various KDE packages, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. In particular, KDE 2 and KDE 3.1.1 and earlier 3.x versions are vulnerable to arbitrary command execution via PostScript or PDF files due to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. **Recommendations** For each affected version, update to a version that is not vulnerable or apply the recommended patches. As a temporary workaround, consider disabling the use of PostScript and PDF files in the kghostview Ghostscript viewer until a patch is available. Restrict access to the vulnerable components to minimize the risk of exploitation. Avoid using the vulnerable packages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.