Package name: kdegraphics
Date: 2010-11-12
Advisory ID: MDVSA-2010:229
Affected versions: CS4.0 x86_64, CS4.0 i586

Problem description

Multiple vulnerabilities were discovered and corrected in kdegraphics:

The Gfx::getPos function in the PDF parser in kdegraphics allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in kdegraphics allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a PDF
file with a crafted Type1 font that contains a negative array index,
which bypasses input validation and triggers memory corruption
(CVE-2010-3704).
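
The bug class behind CVE-2010-3704, a signed index that is checked against the upper bound only, is shown below as an added example; it is not code from kdegraphics or from this advisory. The function names, the 32-byte name buffer and the sample lines are hypothetical, and the input uses the "dup <code> /<name> put" form of Type1 encoding entries.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256  /* a Type1 encoding vector has 256 slots */

/* Weak check (the bug class): only the upper bound is tested, so a
 * negative signed index is accepted and would address memory before
 * the start of the table. */
static int index_ok_weak(long code) { return code < ENC_SIZE; }

/* Hardened check: both bounds are tested before the index is used. */
static int index_ok_strict(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse one "dup <code> /<name> put" line and store the glyph name in
 * enc[code]. Returns 0 on success, -1 if the line is rejected. */
static int parse_dup_line(const char *line, char enc[ENC_SIZE][32])
{
    char name[32];
    char *end;
    long code;

    if (strncmp(line, "dup ", 4) != 0)
        return -1;
    code = strtol(line + 4, &end, 10);   /* out-of-range input saturates */
    if (end == line + 4)                 /* no digits were read */
        return -1;
    if (!index_ok_strict(code))          /* validate before indexing */
        return -1;
    if (sscanf(end, " /%31s", name) != 1)
        return -1;
    snprintf(enc[code], 32, "%s", name);
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not taken from any real font. */
    const char *lines[] = { "dup 65 /A put", "dup -1 /A put", "dup 256 /B put" };
    static char enc[ENC_SIZE][32];

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        long code = strtol(lines[i] + 4, NULL, 10);
        printf("%-16s weak=%d strict=%d stored=%s\n", lines[i],
               index_ok_weak(code), index_ok_strict(code),
               parse_dup_line(lines[i], enc) == 0 ? "yes" : "no");
    }
    return 0;
}
```
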

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 x86_64


CS4.0 i586

