KDE Okular PDB Parsing RLE Decompression Buffer Overflow Vulnerability


A vulnerability was discovered in KDE Okular, which can be exploited by malicious people to potentially compromise a user’s system.


The information has been provided by Stefan Cornelius.
The original article can be found at: http://secunia.com/secunia_research/2010-109/


Vulnerable Systems:
KDE Okular version 4.4.5

The vulnerability is caused by a boundary error within the RLE decompression in the ‘TranscribePalmImageToJPEG()’ function in generators/plucker/unpluck/image.cpp. This can be exploited to cause a heap-based buffer overflow, for example by tricking a user into opening a specially crafted PDB file.
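
The class of check whose absence produces this kind of overflow, as an added example rather than Okular's or the advisory's own code: a row decoder that validates each run length against the space left in the destination before writing. The (count, value) pair encoding, the function name `rle_decode_row` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: decode (count, value) RLE pairs until one row of
 * row_len bytes is filled. Returns input bytes consumed, or -1 if the
 * data is truncated or a run would write past the end of the row. */
long rle_decode_row(const unsigned char *in, size_t in_len,
                    unsigned char *row, size_t row_len)
{
    size_t ip = 0, op = 0;

    while (op < row_len) {
        if (in_len - ip < 2)            /* need a full (count, value) pair */
            return -1;
        size_t count = in[ip];
        unsigned char value = in[ip + 1];
        ip += 2;

        /* The boundary check: the run length comes from the file, so it
         * must be compared with the space left before any write. */
        if (count > row_len - op)
            return -1;
        memset(row + op, value, count);
        op += count;
    }
    return (long)ip;
}

int main(void)
{
    /* Constructed sample rows for an 8-byte row buffer. */
    const unsigned char good[] = { 3, 0xAA, 5, 0xBB };
    const unsigned char overlong[] = { 3, 0xAA, 200, 0xBB };
    const unsigned char truncated[] = { 3, 0xAA, 5 };
    unsigned char row[8];

    printf("good:      %ld\n", rle_decode_row(good, sizeof good, row, sizeof row));
    printf("overlong:  %ld\n", rle_decode_row(overlong, sizeof overlong, row, sizeof row));
    printf("truncated: %ld\n", rle_decode_row(truncated, sizeof truncated, row, sizeof row));
    return 0;
}
```

Rejecting the whole row on the first inconsistent run, instead of clamping the run to fit, keeps a malformed file from being rendered from partially decoded data.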

Patch Availability:
Apply patches. See the vendor’s advisory for additional details.

CVE Information:

Disclosure Timeline:
11/08/2010 – Vendor notified.
25/08/2010 – Public disclosure.

Categories: UNIX