Your submission was sent successfully! Close

CVE-2010-2575

Published: 30 August 2010

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

Priority

Medium

Status

Package Release Status
kdegraphics
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(kpdf)
hardy Not vulnerable
(kpdf)
jaunty
Released (4:4.2.2-0ubuntu2.1)
karmic
Released (4:4.3.2-0ubuntu1.1)
lucid
Released (4:4.4.2-0ubuntu1.1)
maverick
Released (4:4.5.0b-0ubuntu3)
upstream
Released

Notes

AuthorNote
sbeattie
patch/cve notification from jriddell
kpdf (the precursor to okular) does not appear to be
affected

References