• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

KDE KHTML PNGLoader Heap Buffer Overflow Vulnerability

KDE KHTML is prone to a remote buffer-overflow vulnerability because it fails to perform adequate bounds checking for user-supplied input while processing malicious PNG files.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of applications that use KHTML. Failed exploit attempts will likely crash applications.

Versions included with KDE from KHTML 4.0 to 4.0.3 are affected by this issue. Since KHTML is included in other third-party packages, they may also be affected, but this has not been confirmed.