The new progressive PNG Image loader in KHTML of KDE 4.0 and newer can be tricked into overrunning a heap allocated memory buffer by loading a specially encoded image.

http://www.kde.org/info/security/advisory-20080426-1.txt
http://bugs.kde.org/show_bug.cgi?id=156623

Please note that this issue is under embargo until 2008-04-26. *Do not commit* anything to CVS and keep any information confidential until that date.
Created attachment 150574 [details, diff] post-kde-4.0.3-khtml.diff
Committed.
Thanks.

(In reply to comment #2)
> Committed.
> Thanks.