kdegraphics -- buffer overflow

ID DSA-1408
Type debian
Reporter Debian
Modified 2007-11-21T00:00:00


Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed.

The old stable distribution (sarge) will be fixed later.

For the stable distribution (etch), this problem has been fixed in version 4:3.5.5-3etch2. Builds for arm and sparc are not yet available.

We recommend that you upgrade your kdegraphics packages.