-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: KOffice PDF Import Filter Vulnerability Original Release Date: 2005-01-20 URL: http://www.kde.org/info/security/advisory-20050120-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064 http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities 1. Systems affected: KOffice 1.3 up to including KOffice 1.3.5 2. Overview: The KOffice PDF Import Filter shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file. 3. Impact: Remotely supplied pdf files can be used to execute arbitrary code on the client machine when the user opens such file in KOffice. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: Patch for KOffice 1.3.5 is available from ftp://ftp.kde.org/pub/kde/security_patches : 0e6194cbfe3f6d3b3c848c2c76ef5bfb post-1.3.5-koffice.diff 6. Time line and credits: 19/01/2005 KDE Security Team alerted by Carsten Lohrke 19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches prepared. 20/01/2005 Public disclosure. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFB8CcAN4pvrENfboIRAskgAJ0ejlXQ5lm5ijZ7p4N3nIoO8AOnogCffELh tEDcXP6ayczkm1wmk+komLQ= =TUha -----END PGP SIGNATURE-----