{"id": "CVE-2005-1046", "bulletinFamily": "NVD", "title": "CVE-2005-1046", "description": "Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.", "published": "2005-05-02T04:00:00", "modified": "2018-10-19T15:31:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1046", "reporter": "cve@mitre.org", "references": ["http://www.redhat.com/support/errata/RHSA-2005-393.html", "http://www.securityfocus.com/bid/13096", "http://www.vupen.com/english/advisories/2005/0331", "http://www.novell.com/linux/security/advisories/2005_22_kdelibs3.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1", "http://www.kde.org/info/security/advisory-20050421-1.txt", "http://www.vupen.com/english/advisories/2007/4241", "http://secunia.com/advisories/14908", "http://www.securityfocus.com/archive/1/427976/100/0/threaded", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11081", "http://secunia.com/advisories/28114", "http://www.debian.org/security/2005/dsa-714", "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1", "http://bugs.kde.org/show_bug.cgi?id=102328", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5802"], "cvelist": ["CVE-2005-1046"], "type": "cve", "lastseen": "2020-10-03T11:34:54", "edition": 3, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:15478"]}, {"type": "freebsd", "idList": ["06404241-B306-11D9-A788-0001020EED82"]}, {"type": "debian", "idList": ["DEBIAN:DSA-714-1:A1C12"]}, {"type": "openvas", "idList": ["OPENVAS:53542", "OPENVAS:136141256231065216", "OPENVAS:52129", "OPENVAS:65216", "OPENVAS:54924"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200504-22.NASL", "FEDORA_2005-350.NASL", "UBUNTU_USN-114-1.NASL", "REDHAT-RHSA-2005-393.NASL", "DEBIAN_DSA-714.NASL", "MANDRAKE_MDKSA-2005-085.NASL", "FREEBSD_PKG_06404241B30611D9A7880001020EED82.NASL", "CENTOS_RHSA-2005-393.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200504-22"]}, {"type": "ubuntu", "idList": ["USN-114-1"]}, {"type": "centos", "idList": ["CESA-2005:393"]}, {"type": "redhat", "idList": ["RHSA-2005:393"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8416"]}, {"type": "suse", "idList": ["SUSE-SA:2005:022"]}], "modified": "2020-10-03T11:34:54", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2020-10-03T11:34:54", "rev": 2}, "vulnersScore": 8.0}, "cpe": ["cpe:/o:kde:kde:3.4.0"], "affectedSoftware": [{"cpeName": "kde:kde", "name": "kde", "operator": "eq", "version": "3.4.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:kde:kde:3.4.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:kde:kde:3.4.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"ubuntu": [{"lastseen": "2020-07-09T17:41:51", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1046"], "description": "Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio. \nIf an attacker tricked a user into loading a malicious PCX image with \na KDE application, he could exploit this to execute arbitrary code \nwith the privileges of the user opening the image.", "edition": 5, "modified": "2005-05-03T00:00:00", "published": "2005-05-03T00:00:00", "id": "USN-114-1", "href": "https://ubuntu.com/security/notices/USN-114-1", "title": "kimgio vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-04-06T11:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdelibs3\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014846 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065216", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065216", "type": "openvas", "title": "SLES9: Security update for kdelibs3", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014846.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for kdelibs3\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdelibs3\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014846 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65216\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-1046\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for kdelibs3\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdelibs3\", rpm:\"kdelibs3~3.2.1~44.49\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdelibs3\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014846 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65216", "href": "http://plugins.openvas.org/nasl.php?oid=65216", "type": "openvas", "title": "SLES9: Security update for kdelibs3", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014846.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for kdelibs3\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdelibs3\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014846 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65216);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-1046\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for kdelibs3\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdelibs3\", rpm:\"kdelibs3~3.2.1~44.49\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200504-22.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54924", "href": "http://plugins.openvas.org/nasl.php?oid=54924", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200504-22 (KDE)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"KDE fails to properly validate input when handling PCX images, potentially\nresulting in the execution of arbitrary code.\";\ntag_solution = \"All kdelibs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200504-22\nhttp://bugs.gentoo.org/show_bug.cgi?id=88862\nhttp://www.kde.org/info/security/advisory-20050421-1.txt\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200504-22.\";\n\n \n\nif(description)\n{\n script_id(54924);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-1046\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200504-22 (KDE)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"kde-base/kdelibs\", unaffected: make_list(\"rge 3.2.3-r9\", \"ge 3.3.2-r8\"), vulnerable: make_list(\"lt 3.3.2-r8\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "description": "The remote host is missing an update to kdelibs\nannounced via advisory DSA 714-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53542", "href": "http://plugins.openvas.org/nasl.php?oid=53542", "type": "openvas", "title": "Debian Security Advisory DSA 714-1 (kdelibs)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_714_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 714-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"KDE security team discovered several vulnerabilities in the PCX and\nother image file format readers in the KDE core libraries, some of\nthem exploitable to execute arbitrary code. To a small extend the\npackages in woody are affected as well.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-13.woody.14.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.3.2-5.\n\nWe recommend that you upgrade your kdelibs packages.\";\ntag_summary = \"The remote host is missing an update to kdelibs\nannounced via advisory DSA 714-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20714-1\";\n\nif(description)\n{\n script_id(53542);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-1046\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 714-1 (kdelibs)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kdelibs3-doc\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdelibs-dev\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdelibs3\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdelibs3-bin\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdelibs3-cups\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarts\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarts-alsa\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarts-dev\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkmid\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkmid-alsa\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkmid-dev\", ver:\"2.2.2-13.woody.14\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52129", "href": "http://plugins.openvas.org/nasl.php?oid=52129", "type": "openvas", "title": "FreeBSD Ports: kdelibs", "sourceData": "#\n#VID 06404241-b306-11d9-a788-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: kdelibs\n\nCVE-2005-1046\nBuffer overflow in the kimgio library for KDE 3.4.0 allows remote\nattackers to execute arbitrary code via a crafted PCX image file.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.kde.org/102328\nhttp://www.kde.org/info/security/advisory-20050421-1.txt\nhttp://www.vuxml.org/freebsd/06404241-b306-11d9-a788-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52129);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-1046\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: kdelibs\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"kdelibs\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.2\")>=0 && revcomp(a:bver, b:\"3.4.0_2\")<0) {\n txt += 'Package kdelibs version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:29", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1046"], "edition": 1, "description": "### Background\n\nKDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. kimgio is the KDE image handler provided by kdelibs. \n\n### Description\n\nkimgio fails to properly validate input when handling PCX files. \n\n### Impact\n\nBy enticing a user to load a specially-crafted PCX image in a KDE application, an attacker could execute arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll kdelibs users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs", "modified": "2005-04-22T00:00:00", "published": "2005-04-22T00:00:00", "id": "GLSA-200504-22", "href": "https://security.gentoo.org/glsa/200504-22", "type": "gentoo", "title": "KDE kimgio: PCX handling buffer overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "cvelist": ["CVE-2005-1046"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.kde.org/show_bug.cgi?id=102328\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2005_22_kdelibs3.html)\n[Vendor Specific Advisory URL](http://archives.mandrivalinux.com/security-announce/2005-05/msg00006.php)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000953)\n[Vendor Specific Advisory URL](http://www.kde.org/info/security/advisory-20050421-1.txt)\nSecurity Tracker: 1013785\n[Secunia Advisory ID:15236](https://secuniaresearch.flexerasoftware.com/advisories/15236/)\n[Secunia Advisory ID:14908](https://secuniaresearch.flexerasoftware.com/advisories/14908/)\n[Secunia Advisory ID:15096](https://secuniaresearch.flexerasoftware.com/advisories/15096/)\n[Secunia Advisory ID:15146](https://secuniaresearch.flexerasoftware.com/advisories/15146/)\n[Secunia Advisory ID:15199](https://secuniaresearch.flexerasoftware.com/advisories/15199/)\n[Secunia Advisory ID:15407](https://secuniaresearch.flexerasoftware.com/advisories/15407/)\n[Secunia Advisory ID:15412](https://secuniaresearch.flexerasoftware.com/advisories/15412/)\n[Secunia Advisory ID:14914](https://secuniaresearch.flexerasoftware.com/advisories/14914/)\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_22_kdelibs3.html\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-114-1\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200504-22.xml\nOther Advisory URL: http://www.debian.org/security/2005/dsa-714\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-393.html\n[CVE-2005-1046](https://vulners.com/cve/CVE-2005-1046)\n", "modified": "2005-03-24T07:47:30", "published": "2005-03-24T07:47:30", "href": "https://vulners.com/osvdb/OSVDB:15478", "id": "OSVDB:15478", "title": "KDE kdelibs kimgio Component PCX Image Processing Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1046"], "description": "**CentOS Errata and Security Advisory** CESA-2005:393\n\n\nKDE is a graphical desktop environment for the X Window System. Konqueror\nis the file manager for the K Desktop Environment. \n\nA source code audit performed by the KDE security team discovered several\nvulnerabilities in the PCX and other image file format readers.\n\nA buffer overflow was found in the kimgio library for KDE 3.4.0. An\nattacker could create a carefully crafted PCX image in such a way that it\nwould cause kimgio to execute arbitrary code when processing the image. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2005-1046 to this issue.\n\nAll users of kdelibs should upgrade to these updated packages, which\ncontain a backported security patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023708.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023710.html\n\n**Affected packages:**\nkdelibs\nkdelibs-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-393.html", "edition": 4, "modified": "2005-05-18T11:49:06", "published": "2005-05-18T01:20:41", "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/023708.html", "id": "CESA-2005:393", "title": "kdelibs security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:12", "bulletinFamily": "software", "cvelist": ["CVE-2005-1046"], "description": "KDE Security Advisory: kimgio input validation errors\r\nOriginal Release Date: 2005-04-21\r\nURL: http://www.kde.org/info/security/advisory-20050421-1.txt\r\n\r\n0. References\r\n\r\n http://bugs.kde.org/102328\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046\r\n\r\n\r\n1. Systems affected:\r\n\r\n kdelibs as shipped with KDE 3.2 up to including KDE 3.4.\r\n\r\n\r\n2. Overview:\r\n\r\n kimgio contains a PCX image file format reader that does\r\n not properly perform input validation. A source code audit\r\n performed by the KDE security team discovered several\r\n vulnerabilities in the PCX and other image file format\r\n readers, some of them exploitable to execute arbitrary\r\n code.\r\n\r\n\r\n3. Impact:\r\n\r\n Remotly supplied, specially crafted image files can be used\r\n to execute arbitrary code.\r\n\r\n\r\n4. Solution:\r\n\r\n Source code patches have been made available which fix these\r\n vulnerabilities. Contact your OS vendor / binary package provider\r\n for information about how to obtain updated binary packages.\r\n\r\n\r\n5. Patch:\r\n\r\n A patch for KDE 3.4.0 is available from \r\n ftp://ftp.kde.org/pub/kde/security_patches :\r\n\r\n 78473d4dad612e6617eb6652eec2ab80 post-3.4.0-kdelibs-kimgio.diff\r\n\r\n A patch for KDE 3.3.2 is available from \r\n ftp://ftp.kde.org/pub/kde/security_patches :\r\n\r\n 8366d0e5c8101c315a0bdafac54536d6 post-3.3.2-kdelibs-kimgio.diff\r\n\r\n\r\n6. Time line and credits:\r\n\r\n 24/03/2005 Notification of KDE by Bruno Rohee\r\n 21/04/2005 Coordinated Public Disclosure\r\n\r\n", "edition": 1, "modified": "2005-04-23T00:00:00", "published": "2005-04-23T00:00:00", "id": "SECURITYVULNS:DOC:8416", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8416", "title": "[KDE Security Advisory]: kimgio input validation errors", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:14:47", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1046"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 714-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 26th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kdelibs\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-1046\n\nKDE security team discovered several vulnerabilities in the PCX and\nother image file format readers in the KDE core libraries, some of\nthem exploitable to execute arbitrary code. To a small extend the\npackages in woody are affected as well.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-13.woody.14.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.3.2-5.\n\nWe recommend that you upgrade your kdelibs packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.14.dsc\n Size/MD5 checksum: 1355 2edeb0458baefabf6cad7e312f34712e\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.14.diff.gz\n Size/MD5 checksum: 61029 aab99bcaa38986b246b4c390b3d6240f\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz\n Size/MD5 checksum: 6396699 7a9277a2e727821338f751855c2ce5d3\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.14_all.deb\n Size/MD5 checksum: 2566570 bf158da1274e633190acdea02ff3a6b2\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 757842 c36da42fb8265860b8867e45206c9185\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 7533646 6c306edc12186660b14b05cc05176905\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 137658 6f108583d6fa4b9faedc63815e8debd9\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 202316 8c6888e10724394268186d5e02187e48\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 1022540 4415412df2720a1f2a2a2d4d96a0f67f\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 1029392 e48959c7502219939d7ae0c978a137f9\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 198464 06ed7e88d3d172eb614e1bfebc715a84\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 175010 69a33131b2910a627277a0fe6a8a347c\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 178430 bdd26c67147a6fe2f330693d4115ff34\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_alpha.deb\n Size/MD5 checksum: 37504 82131f7d56034cd5e3fb51bb93feb3ee\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 744050 494a6b5e13989bb1af655a08fc6b034d\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 6605028 f82ea87f6cb02efbba5f15eb84d9600a\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 104870 62c8b620f4902992a797e17d5b5e80c3\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 186886 7a931840616877b3a64d5d8a9fdf0b5f\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 652040 a5553896972a43d53cc439ef3b1e4c08\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 655674 294711360824657a7d82322913a0052a\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 156014 5f773c03b00e642344491753752f90d0\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 125094 1f8527c29f51feec519d194347891a2f\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 128216 644d9e2f238ae3674c0bbefc3abd0913\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_arm.deb\n Size/MD5 checksum: 37508 555511e6d1542dd85b3f2525a8d1f179\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 743320 91785fa72bd2f7d60f5c1a20fcee6edd\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 6619904 3cb4a66ec80635e08a33d18cbc539c31\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 106408 03e67ed6c91058b72c9421aba5a29fd5\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 183424 5b34a15931eca4001dca956b74a4a827\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 625580 1a9670079bedc52aaf36d50f65a6cdfe\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 629740 eb924c6a36898ed0f4154e92271302a6\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 155318 67ae607a8ce21027cd3c73805c464cab\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 123770 196d19248c6671040e3fc9204c308273\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 126846 ed76442966d9757101beaa782d8bf8f1\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_i386.deb\n Size/MD5 checksum: 37486 1a4128190396a577ef04466930cc6e6b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 768242 1237c0dfd23668879908a2a2965c227a\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 8843698 da72b2d17c7c26c9db8f9bc23f92564f\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 154020 43c47aa7108caa693157bffec1c72447\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 257678 d2d312195da96a197e9949834c7e6da8\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 1045820 85d7913da76ecf49dd7ee0c6834204cd\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 1051304 8cbdc7d36e899a4f71fdea223ec6c88c\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 199792 f4c638fa150d33b228f5bcdd7d27df8a\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 185778 fec5f64d251724241d42347c73b68319\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 191298 a9e1f44bb6d66f786f06e15ae0c0560c\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_ia64.deb\n Size/MD5 checksum: 37496 f7ee54e15c6247ddaf296e62b9dc2ef2\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 750128 5cde6628d6065687f32d23ca42c4b4a2\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 7367572 ad1e68fa713ed91b5ccb8f14fb97a023\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 117832 be8e58fb33a273b8ea4c3f55585a430d\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 218258 8035d8010c52bc2567400dd48fce0c02\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 1112036 a04250ae1a33687931f7d180e925c6a1\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 1115628 a0d26fa493cfa9fc3775b9eaa16222da\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 208046 b6c325233fcb98d2a8d724feaa607c36\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 172310 4f1e932b44e8a542624b77b5ad27ff7e\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 176484 db2f63e71a237953ecd5a8fa8604c465\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_hppa.deb\n Size/MD5 checksum: 37500 bce68008ede6c63e44500e616331fbb6\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 740488 80ebcca522f2b3cf87005f0f9f3555e4\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 6485098 7959f90d7d271535222901edc139c273\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 103950 f59690bd51e8b1c9809f9df9198d6b37\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 178844 dec6510a262922ed8b4b3dd9471d024d\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 629010 8bd957e00e0593af9dba939fe64ac3c8\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 633518 840ab067671bd13996dc51ddf55e3ac8\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 151550 713a805ea7a0d530950183b90f60958a\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 121080 542da8694055f5d3e218e7e8adf456c2\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 124000 a10868d87ef70a54db09abc0df4434c5\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_m68k.deb\n Size/MD5 checksum: 37512 1ad80019230d31fe389ba146771e7ed5\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 740276 960ceb78e82e2df114c7c1fdbfaf45e5\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 6284820 5d7c8d96e691e9026975b7f03071662d\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 107202 4954f1153e012cb625fb675bdefcbe40\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 161288 2113879170ac67549384ced2a64ea5a2\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 621216 433ab8e45480b9db258a42b11a2d83c2\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 625566 4e7b13c2d0cc10469b5524728024ca01\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 176214 65e13e2bf05121c6a4c3dedd12ef7379\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 124612 5f37f8c5aea38bf745f1bc83917fc2af\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 127616 ed13fd47b01ec4c1e932b2e1ab9a5097\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_mips.deb\n Size/MD5 checksum: 37512 e89bae84f5d23e44bc8a8c97f90beca5\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 739614 b6c96307d8e4bb13eb8030c3c9d8b4fc\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 6190894 05e576bc649eaa947db4841872bd9af5\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 106208 8b5bad7478c2817b381090e0dbb29795\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 159544 3dce69d70433c6d2cb49d875e139eeaa\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 614058 838c176f4bd39640a5ba9c37f0a38cc5\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 617518 d35cd5459d046df52ddfc0211141ef73\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 175364 a77dcb1b7f29aa1603aa20f642ad824e\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 123628 fd6962b418fe4c33bf1364429f16446b\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 126584 d3170d436f8ffc0a74a1ddc43e1788f3\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_mipsel.deb\n Size/MD5 checksum: 37508 ca51ad9bea2b452af76e86e632c111e9\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 741300 eb89bb59fa2f161b35999d9181dc01db\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 6743570 9619dca36a404d209f93232279508185\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 106326 242e987d56b6c372b591033cffde91b7\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 182946 f5c3f5cc9ddd5076345bd66c59231ba0\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 691316 d137a0428c5e4fd3fae8a7831bdadb3e\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 695130 cb7e5a47e2e9892227a3a5dddc726bfd\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 154244 fec6e32c9e1a7ed943d7a1984324426a\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 127922 b73520e3822413ccb507185c56af1ced\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 130804 133638aa6468f9c8bc6f2f6f5e2e4e67\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_powerpc.deb\n Size/MD5 checksum: 37504 38201cb34cd63798675dfa5a9e6e90d7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 742784 36239887c0e7e88e721de5d16a082551\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 6744134 5dae1ac50b4f78dc705d8781f9ef1ea7\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 110856 f862feecc410247fc5d40776d04de014\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 177308 adbae20e71534d6771cf8fcea380e453\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 642670 5165b9299b59b6e905f2e18f2958afa5\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 647630 7210303f5483407c297c3a1e62e1e5c7\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 151798 d0b717e3aee78f6f708b7f086b9741c0\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 130248 edbc32000c6054ba200e3522c9628551\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 133674 7da46cc510872323bebcd09c58fff19a\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_s390.deb\n Size/MD5 checksum: 37500 ce0714242e7e0a595a903e1459f5a0c1\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 742142 9e26ee08c924af025f0015880960c971\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 6580444 ec9e9aa4f144a0403c51b57992708ff0\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 118130 390c3ba206654dab2a387f4371411fd0\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 184540 55586ba0a39f1f3c3daa6b0c2081afc5\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 665362 d0e8852e1e5be139a9f93b0ef1dcc0ad\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 669202 708f0b996113a04debec2665e1df2c8e\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 152176 e8839c77be54061471e8e0a352d91ae1\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 129038 9324be7e3be679679ea97ffa5b29b6b5\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 131742 f450e2fb20246271a2b12f53bcdd76be\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_sparc.deb\n Size/MD5 checksum: 37498 f6acc8a4444b7e0794d8e675ca403369\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "edition": 9, "modified": "2005-04-26T00:00:00", "published": "2005-04-26T00:00:00", "id": "DEBIAN:DSA-714-1:A1C12", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00096.html", "title": "[SECURITY] [DSA 714-1] New kdelibs packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:24:49", "description": "Updated kdelibs packages that fix a flaw in kimgio input validation\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKDE is a graphical desktop environment for the X Window System.\nKonqueror is the file manager for the K Desktop Environment.\n\nA source code audit performed by the KDE security team discovered\nseveral vulnerabilities in the PCX and other image file format\nreaders.\n\nA buffer overflow was found in the kimgio library for KDE 3.4.0. An\nattacker could create a carefully crafted PCX image in such a way that\nit would cause kimgio to execute arbitrary code when processing the\nimage. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1046 to this issue.\n\nAll users of kdelibs should upgrade to these updated packages, which\ncontain a backported security patch to correct these issues.", "edition": 26, "published": "2006-07-05T00:00:00", "title": "CentOS 4 : kdelibs (CESA-2005:393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "modified": "2006-07-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kdelibs", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:kdelibs-devel"], "id": "CENTOS_RHSA-2005-393.NASL", "href": "https://www.tenable.com/plugins/nessus/21933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:393 and \n# CentOS Errata and Security Advisory 2005:393 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21933);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1046\");\n script_xref(name:\"RHSA\", value:\"2005:393\");\n\n script_name(english:\"CentOS 4 : kdelibs (CESA-2005:393)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages that fix a flaw in kimgio input validation\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKDE is a graphical desktop environment for the X Window System.\nKonqueror is the file manager for the K Desktop Environment.\n\nA source code audit performed by the KDE security team discovered\nseveral vulnerabilities in the PCX and other image file format\nreaders.\n\nA buffer overflow was found in the kimgio library for KDE 3.4.0. An\nattacker could create a carefully crafted PCX image in such a way that\nit would cause kimgio to execute arbitrary code when processing the\nimage. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1046 to this issue.\n\nAll users of kdelibs should upgrade to these updated packages, which\ncontain a backported security patch to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-May/011670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63c40e62\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-May/011672.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a706a0d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"kdelibs-3.3.1-3.10\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"kdelibs-devel-3.3.1-3.10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:03:19", "description": "KDE security team discovered several vulnerabilities in the PCX and\nother image file format readers in the KDE core libraries, some of\nthem exploitable to execute arbitrary code. To a small extent the\npackages in woody are affected as well.", "edition": 25, "published": "2005-04-27T00:00:00", "title": "Debian DSA-714-1 : kdelibs - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "modified": "2005-04-27T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:kdelibs"], "id": "DEBIAN_DSA-714.NASL", "href": "https://www.tenable.com/plugins/nessus/18143", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-714. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18143);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1046\");\n script_xref(name:\"DSA\", value:\"714\");\n\n script_name(english:\"Debian DSA-714-1 : kdelibs - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KDE security team discovered several vulnerabilities in the PCX and\nother image file format readers in the KDE core libraries, some of\nthem exploitable to execute arbitrary code. To a small extent the\npackages in woody are affected as well.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-714\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the kdelibs packages.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-13.woody.14.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs-dev\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3-bin\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3-cups\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3-doc\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libarts\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libarts-alsa\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libarts-dev\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkmid\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkmid-alsa\", reference:\"2.2.2-13.woody.14\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkmid-dev\", reference:\"2.2.2-13.woody.14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:39:37", "description": "A KDE Security Advisory reports :\n\nkimgio contains a PCX image file format reader that does not properly\nperform input validation. A source code audit performed by the KDE\nsecurity team discovered several vulnerabilities in the PCX and other\nimage file format readers, some of them exploitable to execute\narbitrary code.\n\nImpact: Remotely supplied, specially crafted image files can be used\nto execute arbitrary code.", "edition": 25, "published": "2005-07-13T00:00:00", "title": "FreeBSD : kdelibs -- kimgio input validation errors (06404241-b306-11d9-a788-0001020eed82)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "modified": "2005-07-13T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:kdelibs"], "id": "FREEBSD_PKG_06404241B30611D9A7880001020EED82.NASL", "href": "https://www.tenable.com/plugins/nessus/18828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18828);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1046\");\n\n script_name(english:\"FreeBSD : kdelibs -- kimgio input validation errors (06404241-b306-11d9-a788-0001020eed82)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A KDE Security Advisory reports :\n\nkimgio contains a PCX image file format reader that does not properly\nperform input validation. A source code audit performed by the KDE\nsecurity team discovered several vulnerabilities in the PCX and other\nimage file format readers, some of them exploitable to execute\narbitrary code.\n\nImpact: Remotely supplied, specially crafted image files can be used\nto execute arbitrary code.\"\n );\n # http://bugs.kde.org/102328\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.kde.org/102328\"\n );\n # http://www.kde.org/info/security/advisory-20050421-1.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20050421-1.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/06404241-b306-11d9-a788-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b246f618\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"kdelibs>=3.2<3.4.0_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:26", "description": "A buffer overflow in the PCX decoder of kimgio was discovered by Bruno\nRohee. If an attacker could trick a user into loading a malicious PCX\nimage with any KDE application, he could cause the execution of\narbitrary code with the privileges of the user opening the image.\n\nThe provided packages have been patched to correct this issue.\n\nIn addition, the LE2005 packages contain fixes to configuring email\ninto kbugreport, fixing a KDE crasher bug, fixing a kicondialog bug, a\nKHTML bug, and a knewsticker export symbol problem.", "edition": 25, "published": "2005-05-17T00:00:00", "title": "Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:085)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "modified": "2005-05-17T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64kdecore4-devel", "p-cpe:/a:mandriva:linux:kdelibs-common", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:libkdecore4-devel", "p-cpe:/a:mandriva:linux:lib64kdecore4", "p-cpe:/a:mandriva:linux:libkdecore4"], "id": "MANDRAKE_MDKSA-2005-085.NASL", "href": "https://www.tenable.com/plugins/nessus/18274", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:085. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18274);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1046\");\n script_xref(name:\"MDKSA\", value:\"2005:085\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:085)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in the PCX decoder of kimgio was discovered by Bruno\nRohee. If an attacker could trick a user into loading a malicious PCX\nimage with any KDE application, he could cause the execution of\narbitrary code with the privileges of the user opening the image.\n\nThe provided packages have been patched to correct this issue.\n\nIn addition, the LE2005 packages contain fixes to configuring email\ninto kbugreport, fixing a KDE crasher bug, fixing a kicondialog bug, a\nKHTML bug, and a knewsticker export symbol problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.kde.org/show_bug.cgi?id=101577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.kde.org/show_bug.cgi?id=104475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.kde.org/show_bug.cgi?id=99970\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"kdelibs-common-3.2.3-106.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64kdecore4-3.2.3-106.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64kdecore4-devel-3.2.3-106.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkdecore4-3.2.3-106.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkdecore4-devel-3.2.3-106.1.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"kdelibs-common-3.3.2-124.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64kdecore4-3.3.2-124.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64kdecore4-devel-3.3.2-124.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libkdecore4-3.3.2-124.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libkdecore4-devel-3.3.2-124.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:51:56", "description": "The remote host is affected by the vulnerability described in GLSA-200504-22\n(KDE kimgio: PCX handling buffer overflow)\n\n kimgio fails to properly validate input when handling PCX files.\n \nImpact :\n\n By enticing a user to load a specially crafted PCX image in a KDE\n application, an attacker could execute arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2005-04-25T00:00:00", "title": "GLSA-200504-22 : KDE kimgio: PCX handling buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "modified": "2005-04-25T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:kdelibs", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200504-22.NASL", "href": "https://www.tenable.com/plugins/nessus/18125", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200504-22.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18125);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1046\");\n script_xref(name:\"GLSA\", value:\"200504-22\");\n\n script_name(english:\"GLSA-200504-22 : KDE kimgio: PCX handling buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200504-22\n(KDE kimgio: PCX handling buffer overflow)\n\n kimgio fails to properly validate input when handling PCX files.\n \nImpact :\n\n By enticing a user to load a specially crafted PCX image in a KDE\n application, an attacker could execute arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.kde.org/info/security/advisory-20050421-1.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20050421-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200504-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All kdelibs users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose kde-base/kdelibs\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-base/kdelibs\", unaffected:make_list(\"rge 3.2.3-r9\", \"ge 3.3.2-r8\"), vulnerable:make_list(\"lt 3.3.2-r8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE kimgio\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:50", "description": "A buffer overflow was found in the kimgio library for KDE 3.3.1. An\nattacker could create a carefully crafted PCX image in such a way that\nit would cause kimgio to execute arbitrary code when processing the\nimage. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1046 to this issue.\n\nAll users of kdelibs should upgrade to these updated packages, which\ncontain a backported security patch to correct these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-09-24T00:00:00", "title": "Fedora Core 3 : kdelibs-3.3.1-2.12.FC3 (2005-350)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "modified": "2012-09-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo", "p-cpe:/a:fedoraproject:fedora:kdelibs", "p-cpe:/a:fedoraproject:fedora:kdelibs-devel"], "id": "FEDORA_2005-350.NASL", "href": "https://www.tenable.com/plugins/nessus/62258", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-350.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62258);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-1046\");\n script_xref(name:\"FEDORA\", value:\"2005-350\");\n\n script_name(english:\"Fedora Core 3 : kdelibs-3.3.1-2.12.FC3 (2005-350)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was found in the kimgio library for KDE 3.3.1. An\nattacker could create a carefully crafted PCX image in such a way that\nit would cause kimgio to execute arbitrary code when processing the\nimage. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1046 to this issue.\n\nAll users of kdelibs should upgrade to these updated packages, which\ncontain a backported security patch to correct these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-May/000889.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f15c817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kdelibs, kdelibs-debuginfo and / or kdelibs-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"kdelibs-3.3.1-2.12.FC3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"kdelibs-debuginfo-3.3.1-2.12.FC3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"kdelibs-devel-3.3.1-2.12.FC3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-debuginfo / kdelibs-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:35:04", "description": "Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio.\nIf an attacker tricked a user into loading a malicious PCX image with\na KDE application, he could exploit this to execute arbitrary code\nwith the privileges of the user opening the image.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2006-01-15T00:00:00", "title": "Ubuntu 5.04 : kdelibs vulnerability (USN-114-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:kdelibs4-dev", "p-cpe:/a:canonical:ubuntu_linux:kdelibs4", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:kdelibs", "p-cpe:/a:canonical:ubuntu_linux:kdelibs4-doc", "p-cpe:/a:canonical:ubuntu_linux:kdelibs-bin", "p-cpe:/a:canonical:ubuntu_linux:kdelibs-data"], "id": "UBUNTU_USN-114-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20501", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-114-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20501);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-1046\");\n script_xref(name:\"USN\", value:\"114-1\");\n\n script_name(english:\"Ubuntu 5.04 : kdelibs vulnerability (USN-114-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio.\nIf an attacker tricked a user into loading a malicious PCX image with\na KDE application, he could exploit this to execute arbitrary code\nwith the privileges of the user opening the image.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdelibs\", pkgver:\"3.4.0-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdelibs-bin\", pkgver:\"3.4.0-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdelibs-data\", pkgver:\"3.4.0-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdelibs4\", pkgver:\"3.4.0-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdelibs4-dev\", pkgver:\"3.4.0-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kdelibs4-doc\", pkgver:\"3.4.0-0ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-bin / kdelibs-data / kdelibs4 / kdelibs4-dev / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:28", "description": "Updated kdelibs packages that fix a flaw in kimgio input validation\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKDE is a graphical desktop environment for the X Window System.\nKonqueror is the file manager for the K Desktop Environment.\n\nA source code audit performed by the KDE security team discovered\nseveral vulnerabilities in the PCX and other image file format\nreaders.\n\nA buffer overflow was found in the kimgio library for KDE 3.4.0. An\nattacker could create a carefully crafted PCX image in such a way that\nit would cause kimgio to execute arbitrary code when processing the\nimage. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1046 to this issue.\n\nAll users of kdelibs should upgrade to these updated packages, which\ncontain a backported security patch to correct these issues.", "edition": 28, "published": "2005-05-17T00:00:00", "title": "RHEL 4 : kdelibs (RHSA-2005:393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1046"], "modified": "2005-05-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:kdelibs", "p-cpe:/a:redhat:enterprise_linux:kdelibs-devel"], "id": "REDHAT-RHSA-2005-393.NASL", "href": "https://www.tenable.com/plugins/nessus/18279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:393. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18279);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1046\");\n script_xref(name:\"RHSA\", value:\"2005:393\");\n\n script_name(english:\"RHEL 4 : kdelibs (RHSA-2005:393)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdelibs packages that fix a flaw in kimgio input validation\nare now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKDE is a graphical desktop environment for the X Window System.\nKonqueror is the file manager for the K Desktop Environment.\n\nA source code audit performed by the KDE security team discovered\nseveral vulnerabilities in the PCX and other image file format\nreaders.\n\nA buffer overflow was found in the kimgio library for KDE 3.4.0. An\nattacker could create a carefully crafted PCX image in such a way that\nit would cause kimgio to execute arbitrary code when processing the\nimage. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1046 to this issue.\n\nAll users of kdelibs should upgrade to these updated packages, which\ncontain a backported security patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1046\"\n );\n # http://bugs.kde.org/102328\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.kde.org/102328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:393\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdelibs and / or kdelibs-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:393\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kdelibs-3.3.1-3.10\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kdelibs-devel-3.3.1-3.10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-devel\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:51", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1046"], "description": "KDE is a graphical desktop environment for the X Window System. Konqueror\nis the file manager for the K Desktop Environment. \n\nA source code audit performed by the KDE security team discovered several\nvulnerabilities in the PCX and other image file format readers.\n\nA buffer overflow was found in the kimgio library for KDE 3.4.0. An\nattacker could create a carefully crafted PCX image in such a way that it\nwould cause kimgio to execute arbitrary code when processing the image. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2005-1046 to this issue.\n\nAll users of kdelibs should upgrade to these updated packages, which\ncontain a backported security patch to correct these issues.", "modified": "2017-09-08T11:54:16", "published": "2005-05-17T04:00:00", "id": "RHSA-2005:393", "href": "https://access.redhat.com/errata/RHSA-2005:393", "type": "redhat", "title": "(RHSA-2005:393) kdelibs security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:59", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1046"], "description": "\nA KDE Security Advisory reports:\n\nkimgio contains a PCX image file format reader that does\n\t not properly perform input validation. A source code audit\n\t performed by the KDE security team discovered several\n\t vulnerabilities in the PCX and other image file format\n\t readers, some of them exploitable to execute arbitrary\n\t code.\nImpact: Remotely supplied, specially\n\t crafted image files can be used to execute arbitrary\n\t code.\n\n", "edition": 4, "modified": "2005-04-21T00:00:00", "published": "2005-04-21T00:00:00", "id": "06404241-B306-11D9-A788-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/06404241-b306-11d9-a788-0001020eed82.html", "title": "kdelibs -- kimgio input validation errors", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:29:42", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1046", "CVE-2005-0233", "CVE-2005-0237", "CVE-2005-0396"], "description": "Several vulnerabilities have been identified and fixed in the KDE desktop environment.\n#### Solution\nPlease install the updated packages.", "edition": 1, "modified": "2005-04-11T15:41:36", "published": "2005-04-11T15:41:36", "id": "SUSE-SA:2005:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-04/msg00013.html", "type": "suse", "title": "remote code execution in kdelibs3", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}