Back to list
[KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability
Jan 16 2007 10:26AM
Dirk Mueller (mueller kde org)
KDE Security Advisory: kpdf/kword/xpdf denial of service vulnerability
Original Release Date: 2007-01-15
1. Systems affected:
KDE 3.2.0 up to including KDE 3.5.5. KDE 3.5.6 and newer is
not affected. KOffice 1.2 and newer contain the same code.
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause denial of service (infinite loop)
via a PDF file that contains a crafted catalog dictionary
or a crafted Pages attribute that references an invalid page
Remotely supplied pdf files can be used to disrupt the kpdf
viewer on the client machine.
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
Patch for KOffice 1.2.1 and newer is available from
Patch for KDE 3.3.2 and newer is available from
Patch for KDE 3.2.3 and newer is available from
[ reply ]
Copyright 2010, SecurityFocus