kdelibs -- buffer overflow

ID DSA-948
Type debian
Reporter Debian
Modified 2006-01-20T00:00:00


Maksim Orlovich discovered that the kjs Javascript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap based buffer overflow and the execution of arbitrary code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 3.3.2-6.4

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your kdelibs package.