KDE 1535 Published by

KDE Security Advisory [UPDATED]: kpdf/xpdf multiple integer overflows
Original Release Date: 2005-12-07
Final Release Date: 2006-01-03
URL: http://www.kde.org/info/security/advisory-20051207-2.txt

0. References
CAN-2005-3191
CAN-2005-3192
CAN-2005-3193
CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627
CESA-2005-003

1. Systems affected:

KDE 3.2.0 up to including KDE 3.5.0
KOffice 1.3.0 up to including KOffice 1.4.2



2. Overview:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
multiple integer overflow vulnerabilities that allow specially
crafted pdf files, when opened, to overflow heap allocated
buffers and execute arbitrary code.

The patches announced in the KDE security advisory 20051207-1
were incomplete. This re-issued advisory contains updated patches
that correct issues with the original upstream patch that were
found and fixed by Ludwig Nussel, Martin Pitt and Chris Evans.
The previous patches and advisory have been removed.

3. Impact:

Remotely supplied pdf files can be used to execute arbitrary
code on the client machine.

4. Solution:

Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.

5. Patch:

Patch for KDE 3.5.0 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

17ea076e986be5e26a4feea3cd264f7e
post-3.5.0-kdegraphics-CAN-2005-3193.diff

Patch for KDE 3.4.3 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

e8dde74416769d4589dcca25072aea3e
post-3.4.3-kdegraphics-CAN-2005-3193.diff

Patch for KDE 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

fe38b0728e5e2b000eb04e037536f330
post-3.3.2-kdegraphics-CAN-2005-3193.diff

Patch for KDE 3.2.3 is available from
ftp://ftp.kde.org/pub/kde/security_patches :

51ae90242b7e65ba34c704b38c91cfbe
post-3.2.3-kdegraphics-CAN-2005-3193.diff

Patch for KOffice 1.3.0 and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

939b41e59cfb5f738e9b6fcfff4faf48
post-1.3-koffice-CAN-2005-3193.diff