10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
“infamous41md” and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, that can
lead to a denial of service by crashing the application or possibly to
the execution of arbitrary code. The same code is present in kpdf
which is part of the kdegraphics package.
The old stable distribution (woody) does not contain kpdf packages.
For the stable distribution (sarge) these problems have been fixed in
version 3.3.2-2sarge3.
For the unstable distribution (sid) these problems have been fixed in
version 3.5.0-3.
We recommend that you upgrade your kpdf package.
CPE | Name | Operator | Version |
---|---|---|---|
kdegraphics | eq | 4:3.3.2-2sarge1 | |
kdegraphics | eq | 4:3.3.2-2sarge2 | |
kdegraphics | eq | 4:3.3.2-2 |