Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1670

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1670
Last Modified 07 Mar 2011 10:07:26
Published 28 Apr 2008 01:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1670

Summary

Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.

Vulnerable Systems

Operating System

  • Kde 4.0.0

  • Kde 4.0.1

  • Kde 4.0.2

  • Kde 4.0.3


References

BID - 28937

SECUNIA - 29980

XF - kde-khtml-png-bo(42038)

VUPEN - ADV-2008-1371

SECTRACK - 1019929

CONFIRM - http://www.kde.org/info/security/advisory-20080426-1.txt

SUSE - SUSE-SR:2008:011


Last Updated: 27 May 2016 10:47:37