Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200602-05] KPdf: Heap based overflow Vulnerability Scan
Vulnerability Scan Summary KPdf: Heap based overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200602-05
(KPdf: Heap based overflow)
KPdf includes Xpdf code to handle PDF files. Dirk Mueller
discovered that the Xpdf code is vulnerable to a heap-based overflow in
the splash rasterizer engine.
Impact
An attacker could entice a user to open a specially crafted PDF
file with KPdf, potentially resulting in the execution of arbitrary
code with the rights of the user running the affected application.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
http://www.kde.org/info/security/advisory-20060202-1.txt
Solution:
All kdegraphics users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r4"
All Kpdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r4"
Threat Level: Medium