KDE kdegraphics JPEG kfile-info Plug-in EXIF Parsing Flaw Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1017325 |
|
SecurityTracker URL: http://securitytracker.com/id/1017325
|
|
CVE Reference:
CVE-2006-6297
(Links to External Site)
|
Updated: May 22 2008
|
Original Entry Date: Dec 1 2006
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.1.0 - 3.5.5
|
Description:
A vulnerability was reported in KDE in the kdegraphics component. A remote user can cause arbitrary code to be executed on the target user's system.
The JPEG kfile-info plugin contains a flaw in parsing EXIF data. A remote user can create a specially crafted image file that, when processed by the target user or application, will cause the application to enter an endless loop.
Marcus Meissner from SUSE Security reported this vulnerability.
|
Impact:
A remote user can create an image file that, when processed by the target user, will cause the target application to enter an endless loop. On some systems, this may cause the application to crash or consume all available memory.
|
Solution:
The vendor has issued a patch for KDE 3.1.0 - KDE 3.5.5, available at:
ftp://ftp.kde.org/pub/kde/security_patches
1ce5fb77aff8f97ed21da046c1385000 post-3.5.5-kdegraphics.diff
The KDE advisory is available at:
http://www.kde.org/info/security/advisory-20061129-1.txt
|
Vendor URL: www.kde.org/info/security/advisory-20061129-1.txt (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 1 Dec 2006 10:28:03 -0500
Subject: KDE Security Advisory: JPEG-EXIF Meta Information DoS vulnerability
|
http://www.kde.org/info/security/advisory-20061129-1.txt
|
|
