CVE-2010-2575

Published: Aug 30, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

Affected (13)

Products: Kde: Kde Sc

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Kde Kde Sc	Version 4.3.0
Kde Kde Sc	Version 4.3.1
Kde Kde Sc	Version 4.3.2
Kde Kde Sc	Version 4.3.3
Kde Kde Sc	Version 4.3.4
Kde Kde Sc	Version 4.3.5
Kde Kde Sc	Version 4.4.0
Kde Kde Sc	Version 4.4.1
Kde Kde Sc	Version 4.4.2
Kde Kde Sc	Version 4.4.3
Kde Kde Sc	Version 4.4.4
Kde Kde Sc	Version 4.4.5
Kde Kde Sc	Version 4.5.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (44)

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html

Source: PSIRT-CNA@flexerasoftware.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html

Source: PSIRT-CNA@flexerasoftware.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html

Source: PSIRT-CNA@flexerasoftware.com

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/40952

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/advisories/41086

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/41132

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/secunia_research/2010-109/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.340142

Source: PSIRT-CNA@flexerasoftware.com

http://www.kde.org/info/security/advisory-20100825-1.txt

Source: PSIRT-CNA@flexerasoftware.com

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:162

Source: PSIRT-CNA@flexerasoftware.com

http://www.osvdb.org/67454

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/513341/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.ubuntu.com/usn/USN-979-1

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2010/2178

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2179

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2202

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2010/2206

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2010/2219

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2010/2230

Source: PSIRT-CNA@flexerasoftware.com

https://bugzilla.redhat.com/show_bug.cgi?id=627289

Source: PSIRT-CNA@flexerasoftware.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/61371

Source: PSIRT-CNA@flexerasoftware.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40952

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/41086

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/41132

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/secunia_research/2010-109/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.340142

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kde.org/info/security/advisory-20100825-1.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:162

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/67454

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/513341/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-979-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2178

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2179

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2202

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2206

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2219

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2230

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=627289

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/61371

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.