Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:143: kdegraphics Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the kdegraphics package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:143 (kdegraphics).
Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the 'YCbCr subsampling' value in TIFF image headers. Decoding a
malicious image with a zero value resulted in an arithmetic exception, which
can cause a program that uses the TIFF library to crash.
Kdegraphics < 3.3 uses an embedded libtiff source tree for kfax, and as such
has the same vulnerability.
The updated packages are patched to protect against this vulnerability.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:143
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.