PT-2008-3222 · Kde · Khtml+1
Published
2008-04-28
·
Updated
2017-08-08
·
CVE-2008-1670
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
KDE versions 4.0.x up to 4.0.3
Description
The issue is related to a heap-based buffer overflow in the progressive PNG image loader, specifically in the decoders/pngloader.cpp file of KHTML. This can be exploited by remote attackers using a crafted image, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code.
Recommendations
For KDE versions 4.0.x up to 4.0.3, update to a version later than 4.0.3 to resolve the issue.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kde
Khtml