6.8

CVE-2010-2575

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Sc Version4.3.0
KdeKde Sc Version4.3.1
KdeKde Sc Version4.3.2
KdeKde Sc Version4.3.3
KdeKde Sc Version4.3.4
KdeKde Sc Version4.3.5
KdeKde Sc Version4.4.0
KdeKde Sc Version4.4.1
KdeKde Sc Version4.4.2
KdeKde Sc Version4.4.3
KdeKde Sc Version4.4.4
KdeKde Sc Version4.4.5
KdeKde Sc Version4.5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.65% 0.906
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html
http://secunia.com/advisories/40952
Vendor Advisory
http://secunia.com/advisories/41086
http://secunia.com/advisories/41132
http://secunia.com/secunia_research/2010-109/
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.340142
http://www.kde.org/info/security/advisory-20100825-1.txt
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:162
http://www.osvdb.org/67454
http://www.securityfocus.com/archive/1/513341/100/0/threaded
http://www.ubuntu.com/usn/USN-979-1
http://www.vupen.com/english/advisories/2010/2178
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2179
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2202
http://www.vupen.com/english/advisories/2010/2206
http://www.vupen.com/english/advisories/2010/2219
http://www.vupen.com/english/advisories/2010/2230
https://bugzilla.redhat.com/show_bug.cgi?id=627289
https://exchange.xforce.ibmcloud.com/vulnerabilities/61371