Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 334469 (CVE-2010-2575)

Summary: <kde-base/okular-4.4.5-r2: Memory Corruption Vulnerability (CVE-2010-2575)
Product: Gentoo Security Reporter: Tim Sammut (RETIRED) <underling>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.kde.org/info/security/advisory-20100825-1.txt
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-08-25 16:36:54 UTC 
From URL:

    The vulnerability is caused due to a boundary error during RLE
    decompression in the "TranscribePalmImageToJPEG()" function in
    generators/plucker/inplug/image.cpp when processing images embedded in
    PDB files, which can be exploited to cause a heap-based buffer overflow
    by e.g. tricking a user into opening a specially crafted PDB file.

Patches appear available from the upstream.

    Patches have been committed to the KDE Subversion repository in the
    following revision numbers:

    4.3 branch: r1167825
    4.4 branch: r1167826
    4.5 branch: r1167827
    Trunk: r1167828

    Patches for KDE SC 4.3, KDE SC 4.4 and KDE SC 4.5 may be obtained
    directly from the Subversion repository (no checkout needed) with
    the following command and reference SHA1 sums:

    4.3 branch: f1ad2e50ce0ce8592c767365b87a22a80943aa28
    svn diff -r 1167824:1167825 \
    svn://anonsvn.kde.org/home/kde/branches/KDE/4.3/kdegraphics

    4.4 branch: 13f06704919f239ef29ff63e6c1ddf8fa162af9c
    svn diff -r 1167825:1167826 \
    svn://anonsvn.kde.org/home/kde/branches/KDE/4.4/kdegraphics

    4.5 branch: d739c58873599f7324c9d6500d3615f803bff39e
    svn diff -r 1167826:1167827 \
    svn://anonsvn.kde.org/home/kde/branches/KDE/4.5/kdegraphics
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:48:46 UTC 
CVE-2010-2575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2575):
  Heap-based buffer overflow in the RLE decompression functionality in
  the TranscribePalmImageToJPEG function in
  generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through
  4.5.0 allows remote attackers to cause a denial of service
  (application crash) or possibly execute arbitrary code via a crafted
  image in a PDB file.
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2010-12-30 09:27:51 UTC 
Fixed in 4.5.1

Current stable 4.4.5 is still vulnerable
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2010-12-30 14:00:52 UTC 
The patch is added in okular-4.4.5-r2, bumped straight to stable.

As long as nothing explodes during the next hours, feel free to 
* remove 4.4.5-r1 from CVS
* remove 4.4.5 pending STABILIZATION of 4.4.5-r2 on ppc (ppc please do!!!)
Comment 4 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-11 12:35:44 UTC 
ppc stable,

@security: last arch (though the others were cheating :P) done, back to you
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-01-11 16:04:47 UTC 
Thanks, everyone. GLSA request filed.
Comment 6 Theo Chatzimichos (RETIRED) archtester gentoo-dev Security 2011-01-13 03:15:43 UTC 
removing KDE, CC us back if you need us again
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2013-11-28 08:51:03 UTC 
This issue was resolved and addressed in
 GLSA 201311-20 at http://security.gentoo.org/glsa/glsa-201311-20.xml
by GLSA coordinator Sergey Popov (pinkbyte).