9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.062 Low
EPSS
Percentile
93.5%
CentOS Errata and Security Advisory CESA-2009:1130
The kdegraphics packages contain applications for the K Desktop Environment
(KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe
vector images. KSVG is a framework aimed at implementing the latest W3C SVG
specifications.
A use-after-free flaw was found in the KDE KSVG animation element
implementation. A remote attacker could create a specially-crafted SVG
image, which once opened by an unsuspecting user, could cause a denial of
service (Konqueror crash) or, potentially, execute arbitrary code with the
privileges of the user running Konqueror. (CVE-2009-1709)
A NULL pointer dereference flaw was found in the KDE, KSVG SVGList
interface implementation. A remote attacker could create a
specially-crafted SVG image, which once opened by an unsuspecting user,
would cause memory corruption, leading to a denial of service (Konqueror
crash). (CVE-2009-0945)
All users of kdegraphics should upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-June/078171.html
https://lists.centos.org/pipermail/centos-announce/2009-June/078172.html
Affected packages:
kdegraphics
kdegraphics-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1130
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | kdegraphics | < 3.5.4-13.el5_3 | kdegraphics-3.5.4-13.el5_3.i386.rpm |
CentOS | 5 | i386 | kdegraphics-devel | < 3.5.4-13.el5_3 | kdegraphics-devel-3.5.4-13.el5_3.i386.rpm |
CentOS | 5 | i386 | kdegraphics | < 3.5.4-13.el5_3 | kdegraphics-3.5.4-13.el5_3.i386.rpm |
CentOS | 5 | i386 | kdegraphics-devel | < 3.5.4-13.el5_3 | kdegraphics-devel-3.5.4-13.el5_3.i386.rpm |
CentOS | 5 | x86_64 | kdegraphics | < 3.5.4-13.el5_3 | kdegraphics-3.5.4-13.el5_3.x86_64.rpm |
CentOS | 5 | i386 | kdegraphics-devel | < 3.5.4-13.el5_3 | kdegraphics-devel-3.5.4-13.el5_3.i386.rpm |
CentOS | 5 | x86_64 | kdegraphics-devel | < 3.5.4-13.el5_3 | kdegraphics-devel-3.5.4-13.el5_3.x86_64.rpm |
CentOS | 5 | x86_64 | kdegraphics | < 3.5.4-13.el5_3 | kdegraphics-3.5.4-13.el5_3.x86_64.rpm |
CentOS | 5 | i386 | kdegraphics-devel | < 3.5.4-13.el5_3 | kdegraphics-devel-3.5.4-13.el5_3.i386.rpm |
CentOS | 5 | x86_64 | kdegraphics-devel | < 3.5.4-13.el5_3 | kdegraphics-devel-3.5.4-13.el5_3.x86_64.rpm |