
Gentoo: GLSA-201311-20 Normal: Okular Arbitrary Code Execution

Distribution: Gentoo
Date: November 28, 2013
This Gentoo announcement covers a heap-based buffer overflow in Okular that may allow code execution. Apply the provided update promptly.
A heap-based buffer overflow in Okular might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition.

Summary

Okular contains a heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp.
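As an added illustration (not Okular's code and not part of the advisory), a bounds-checked run-length decoder in C showing the capacity check this class of bug lacks. The (count, value) pair encoding, the function names and the sample streams are constructed stand-ins for the Palm image format, not its real layout.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Decode (count, value) run pairs into `out`, never past `out_cap`.
 * Returns bytes written, or -1 if the stream is malformed or a
 * file-controlled run length would overrun the destination buffer,
 * which is the defect class the advisory describes. */
long rle_decode_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    size_t pos = 0;
    if (in_len % 2 != 0)
        return -1;                      /* dangling count byte */
    for (size_t i = 0; i < in_len; i += 2) {
        size_t count = in[i];
        if (count == 0 || count > out_cap - pos)
            return -1;                  /* zero run, or run exceeds capacity */
        memset(out + pos, in[i + 1], count);
        pos += count;
    }
    return (long)pos;
}

/* Size the pixel buffer from the header, then require the payload to
 * expand to exactly that size. NULL on any mismatch; caller frees. */
uint8_t *decode_palm_like_image(uint32_t width, uint32_t height,
                                const uint8_t *rle, size_t rle_len)
{
    if (width == 0 || height == 0 || width > SIZE_MAX / height)
        return NULL;                    /* width*height would wrap */
    size_t pixels = (size_t)width * height;
    uint8_t *buf = malloc(pixels);
    if (buf && rle_decode_checked(rle, rle_len, buf, pixels) != (long)pixels) {
        free(buf);                      /* short or oversized stream */
        buf = NULL;
    }
    return buf;
}

/* Constructed samples for a 4x2 header: GOOD expands to 8 pixels, BAD to 9. */
static const uint8_t GOOD_STREAM[] = { 0x04, 0xFF, 0x04, 0x00 };
static const uint8_t BAD_STREAM[]  = { 0x05, 0xFF, 0x04, 0x00 };
/* Returns 1 when the good stream decodes and the oversized one is refused. */
int run_samples(void)
{
    uint8_t *img = decode_palm_like_image(4, 2, GOOD_STREAM, sizeof GOOD_STREAM);
    int ok = img != NULL && img[0] == 0xFF && img[7] == 0x00;
    free(img);
    return ok && decode_palm_like_image(4, 2, BAD_STREAM, sizeof BAD_STREAM) == NULL;
}
```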

Resolution

All Okular users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=kde-base/okular-4.4.5-r2"

References

[ 1 ] CVE-2010-2575 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2575

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201311-20

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: Okular: Arbitrary code execution
Date: November 28, 2013
Bugs: #334469
ID: 201311-20

Synopsis

A heap-based buffer overflow in Okular might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition.

Background

Okular is a universal document viewer based on KPDF for KDE 4.


Affected Packages

-------------------------------------------------------------------
     Package              /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  kde-base/okular         < 4.4.5-r2     >= 4.4.5-r2

Impact

A remote attacker could entice a user to open a specially crafted PDB file using Okular, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

Workaround

There is no known workaround at this time.
