| Summary: | KDE up to 3.5.0: kjs encodeuri/decodeuri heap overflow vulnerability (javascript engine) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sebastian <sebastian_ml> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | critical | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.kde.org/info/security/advisory-20060119-1.txt | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Hi all, I didn't find this in bugzilla yet. Quote: "Maksim Orlovich discovered an incorrect bounds check in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences." Second URL: http://rhn.redhat.com/errata/RHSA-2006-0184.html