OSVDB ID: 86825

Title: KDE Konqueror khtml/imload/scaledimageplane.h Canvas Dimension Handling Overflow

Info

Disclosure

Oct 10, 2012

Discovery

Unknown

Dates

Exploit

Oct 10, 2012

Solution

Unknown

Description

KDE Konqueror is prone to an overflow condition. The issue is triggered when khtml/imload/scaledimageplane.h fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted canvas dimension, a context-dependent attacker can potentially execute arbitrary code or cause a denial of service.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section.

Products

KDE Project

Konqueror

4.7.3

References

Security Tracker: 1027709
CVE ID: 2012-4513 (see also: NVD)
Exploit Database: 22406
Secunia Advisory ID: 51097 51145 51375
Bugtraq ID: 55879
Related OSVDB ID: 86826 86827 86847
Mail List Post: http://seclists.org/bugtraq/2012/Nov/4
http://seclists.org/oss-sec/2012/q4/65
Vendor URL: http://www.kde.org/
Other Advisory URL: http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc
Vendor Specific News/Changelog Entry: https://bugzilla.novell.com/show_bug.cgi?id=729829
https://bugzilla.novell.com/show_bug.cgi?id=787520
Vendor Specific Solution URL: https://projects.kde.org/projects/kde/kdelibs/repository/revisions/1f8b1b034ccf1713a5d123a4c327290f86d17d53
RedHat RHSA: RHSA-2012:1416

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86825