Maksim Orlovich

**Name of the Vulnerable Software and Affected Versions** kdelibs versions 3.2.0 through 3.5.0 kdelibs versions prior to 3.4.3-r1 **Description** The issue is related to a heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine, which can be exploited remotely to execute arbitrary code via a crafted, UTF-8 encoded URI. This can lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For kdelibs versions 3.2.0 through 3.5.0, update to a version outside of this range to resolve the issue. For kdelibs versions prior to 3.4.3-r1, update to version 3.4.3-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the kjs JavaScript interpreter engine until a patch is available.