10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.129 Low
EPSS
Percentile
95.5%
CentOS Errata and Security Advisory CESA-2005:021
The kdegraphics package contains graphics applications for the K Desktop
Environment.
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. The kfax application contains a copy of
the libtiff code used for parsing TIFF files and is therefore affected by
these bugs. An attacker who has the ability to trick a user into opening a
malicious TIFF file could cause kfax to crash or possibly execute arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0886 and CAN-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff have
been found. The kfax application contains a copy of the libtiff code used
for parsing TIFF files and is therefore affected by these bugs. An attacker
who has the ability to trick a user into opening a malicious TIFF file
could cause kfax to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0803 to this issue.
Users of kfax should upgrade to these updated packages, which contain
backported patches and are not vulnerable to this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-April/073722.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073723.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073726.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073728.html
Affected packages:
kdegraphics
kdegraphics-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2005:021
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | x86_64 | kdegraphics | < 3.1.3-3.7 | kdegraphics-3.1.3-3.7.x86_64.rpm |
CentOS | 3 | x86_64 | kdegraphics-devel | < 3.1.3-3.7 | kdegraphics-devel-3.1.3-3.7.x86_64.rpm |
CentOS | 3 | i386 | kdegraphics | < 3.1.3-3.7 | kdegraphics-3.1.3-3.7.i386.rpm |
CentOS | 3 | i386 | kdegraphics-devel | < 3.1.3-3.7 | kdegraphics-devel-3.1.3-3.7.i386.rpm |
CentOS | 3 | ia64 | kdegraphics | < 3.1.3-3.7 | kdegraphics-3.1.3-3.7.ia64.rpm |
CentOS | 3 | ia64 | kdegraphics-devel | < 3.1.3-3.7 | kdegraphics-devel-3.1.3-3.7.ia64.rpm |
CentOS | 3 | s390 | kdegraphics | < 3.1.3-3.7 | kdegraphics-3.1.3-3.7.s390.rpm |
CentOS | 3 | s390 | kdegraphics-devel | < 3.1.3-3.7 | kdegraphics-devel-3.1.3-3.7.s390.rpm |
CentOS | 3 | s390x | kdegraphics | < 3.1.3-3.7 | kdegraphics-3.1.3-3.7.s390x.rpm |
CentOS | 3 | s390x | kdegraphics-devel | < 3.1.3-3.7 | kdegraphics-devel-3.1.3-3.7.s390x.rpm |