Home page logo

bugtraq logo Bugtraq mailing list archives

KDE Security Advisory: KGhostview Arbitary Code Execution
From: Dirk Mueller <mueller () kde org>
Date: Wed, 9 Oct 2002 23:50:31 +0200

Hash: SHA1

KDE Security Advisory: KGhostview Arbitary Code Execution
Original Release Date: 2002-10-08
URL: http://www.kde.org/info/security/advisory-20021008-1.txt

0. References

        cve.mitre.org: CAN-2002-0838
        BUGTRAQ:20020926 iDEFENSE Security Advisory 09.26.2002: 
        Exploitable Buffer Overflow in gv

1. Systems affected:

        KGhostView of any KDE release between KDE 1.1 and KDE 3.0.3a

2. Overview:
        KGhostview includes a DSC 3.0 parser from GSview, which is vulnerable
        to a buffer overflow while parsing a specially crafted .ps input
        file. It also contains code from gv 3.5.x which is vulnerable to another 
        buffer overflow triggered by malformed postscript or Adobe pdf files. 

3. Impact:
        Viewing certain Postscript or PDF files can result in the execution of 
        arbitary code placed in the file and as a result opens possibilities for
        any remote manipulation under the local user account.
4. Solution:
        Apply the patch listed in section 5 to kdegraphics/kghostview, or update
        to KDE 3.0.4. 

        kdegraphics-3.0.4 can be downloaded from

        http://download.kde.org/stable/3.0.4 :

        6065219c825102c843ba582c4a520cac  kdegraphics-3.0.4.tar.bz2

5. Patch:

        A patch for KDE 3.0.3 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :
        9e33962406ac123e4fbdab20b4123ccf  post-3.0.3-kdegraphics-kghostview.diff
        A patch for KDE 2.2.2 is available from
        ftp://ftp.kde.org/pub/kde/security_patches : 
        62a1178c6a1730cbab98bbc825adafe9  post-2.2.2-kdegraphics-kghostview.diff
Version: GnuPG v1.0.7 (GNU/Linux)


  By Date           By Thread  

Current thread:
  • KDE Security Advisory: KGhostview Arbitary Code Execution Dirk Mueller (Oct 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]