kdelibs4: Invalid calculation of PCX image properties possibly permits arbitrary code execution

Bug #15458 reported by Debian Bug Importer
Affects            Status         Importance   Assigned to        Milestone
kdelibs (Debian)   Fix Released   Unknown
kdelibs (Ubuntu)   Fix Released   High         Jonathan Riddell

Bug Description

Automatically imported from Debian bug report #304465 http://bugs.debian.org/304465

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 13 Apr 2005 12:32:08 +0200
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: kdelibs4: Invalid calculation of PCX image properties possibly permits
 arbitrary code execution

Package: kdelibs4
Severity: grave
Tags: security
Justification: user security hole

Invalid range checking in PCX header parsing possibly permits execution
of arbitrary code. Please see http://bugs.kde.org/show_bug.cgi?id=102328
for a full description, a crafted test image and a patch from Waldo Bastian
(so there's probably a pending KDE security advisory).

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
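
The class of check the report above refers to, range validation of PCX header fields before image properties are computed from them, as an added example; it is not the kimgio code or Waldo Bastian's patch. Field offsets follow the standard 128-byte PCX header; `pcx_check_header`, `pcx_demo` and the `PCX_MAX_DIM` limit are names and values assumed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PCX_HEADER_LEN 128
#define PCX_MAX_DIM 32768u /* assumed policy limit, not taken from the report */

struct pcx_info { uint32_t width, height, row_bytes; uint64_t total_bytes; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }

/* Returns 0 and fills *out when the header is self-consistent, else -1. */
int pcx_check_header(const uint8_t *h, size_t len, struct pcx_info *out)
{
    if (len < PCX_HEADER_LEN || h[0] != 0x0A)
        return -1;                         /* truncated file or wrong magic */
    uint8_t bpp = h[3], planes = h[65];    /* bits per pixel per plane, plane count */
    uint16_t xmin = le16(h + 4), ymin = le16(h + 6);
    uint16_t xmax = le16(h + 8), ymax = le16(h + 10);
    uint16_t bpl = le16(h + 66);           /* bytes per scanline per plane */

    if ((bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) || planes < 1 || planes > 4)
        return -1;
    if (xmax < xmin || ymax < ymin)        /* max - min + 1 would wrap */
        return -1;
    uint32_t width = (uint32_t)xmax - xmin + 1;
    uint32_t height = (uint32_t)ymax - ymin + 1;
    if (width > PCX_MAX_DIM || height > PCX_MAX_DIM)
        return -1;
    if (bpl < (width * bpp + 7) / 8)       /* stride too small for one row */
        return -1;
    out->width = width; out->height = height;
    out->row_bytes = (uint32_t)bpl * planes;
    out->total_bytes = (uint64_t)out->row_bytes * height; /* 64-bit: cannot wrap */
    return 0;
}

/* Builds a constructed 8-bit, 1-plane header (ymin = 0) and returns the check result. */
int pcx_demo(uint16_t xmin, uint16_t xmax, uint16_t ymax, uint16_t bpl)
{
    uint8_t h[PCX_HEADER_LEN];
    struct pcx_info info;
    memset(h, 0, sizeof h);
    h[0] = 0x0A; h[1] = 5; h[2] = 1; h[3] = 8; h[65] = 1;
    put16(h + 4, xmin); put16(h + 8, xmax); put16(h + 10, ymax); put16(h + 66, bpl);
    return pcx_check_header(h, sizeof h, &info);
}

int main(void) { return pcx_demo(0, 639, 479, 640); } /* exits 0: header accepted */
```

The decoder should size its buffers only from the validated `pcx_info` values, never from the raw header fields.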

In , Moritz Muehlenhoff (jmm-inutil) wrote : KDE advisory

There now has been an official KDE advisory for this as well.
Please refer to CAN-2005-1046 when fixing this.

Cheers,
        Moritz

In , Debian Qt/KDE Maintainers (debian-qt-kde) wrote : Bug#304465: fixed in kdelibs 4:3.3.2-5

Source: kdelibs
Source-Version: 4:3.3.2-5

We believe that the bug you reported is fixed in the latest version of
kdelibs, which is due to be installed in the Debian FTP archive:

kdelibs-bin_3.3.2-5_i386.deb
  to pool/main/k/kdelibs/kdelibs-bin_3.3.2-5_i386.deb
kdelibs-data_3.3.2-5_all.deb
  to pool/main/k/kdelibs/kdelibs-data_3.3.2-5_all.deb
kdelibs4-dev_3.3.2-5_i386.deb
  to pool/main/k/kdelibs/kdelibs4-dev_3.3.2-5_i386.deb
kdelibs4-doc_3.3.2-5_all.deb
  to pool/main/k/kdelibs/kdelibs4-doc_3.3.2-5_all.deb
kdelibs4_3.3.2-5_i386.deb
  to pool/main/k/kdelibs/kdelibs4_3.3.2-5_i386.deb
kdelibs_3.3.2-5.diff.gz
  to pool/main/k/kdelibs/kdelibs_3.3.2-5.diff.gz
kdelibs_3.3.2-5.dsc
  to pool/main/k/kdelibs/kdelibs_3.3.2-5.dsc
kdelibs_3.3.2-5_all.deb
  to pool/main/k/kdelibs/kdelibs_3.3.2-5_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <email address hidden> (supplier of updated kdelibs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 22 Apr 2005 11:21:11 -0400
Source: kdelibs
Binary: kdelibs4 kdelibs-bin kdelibs kdelibs4-doc kdelibs-data kdelibs4-dev
Architecture: source i386 all
Version: 4:3.3.2-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <email address hidden>
Changed-By: Debian Qt/KDE Maintainers <email address hidden>
Description:
 kdelibs - KDE core libraries metapackage
 kdelibs-bin - KDE core binaries
 kdelibs-data - KDE core shared data
 kdelibs4 - KDE core libraries
 kdelibs4-dev - KDE core libraries (development files)
 kdelibs4-doc - KDE core library documentation
Closes: 301971 304465
Changes:
 kdelibs (4:3.3.2-5) unstable; urgency=medium
 .
   +++ Changes by Christopher Martin:
 .
   * KDE_3_3_BRANCH update. Includes fixes for CAN-2005-1046, a series of
     vulnerabilities involving improper input validation for image files,
     potentially resulting in arbitrary code execution. (Closes: #304465)
 .
   * Add GFDL to debian/copyright.
 .
   * Add another kaccel patch that fixes non-English keyboards on
     SunRay terminals. Thanks to Nikita Youshchenko. (Closes: #301971)

Martin Pitt (pitti) wrote :

This is CAN-2005-1046 and has been fixed in Hoary and Breezy.

Changed in kdelibs:
status: Unknown → Fix Released