KDE Project Security Advisory
=============================

Title:          Okular: heap out-of-bounds write in fax backend on zero-length input
Risk Rating:    High
CVE:            PENDING
Versions:       Okular <= 26.04.0
Author:         George Karagiannidis
Date:           11 May 2026

Overview
========

Okular is a universal document viewer. The fax backend in
generators/fax/faxdocument.cpp does not validate zero-length input before
writing two sentinel values into a freshly allocated heap buffer, resulting
in a heap out-of-bounds write before the start of the allocation.

Impact
======

Opening a crafted fax file triggers a heap out-of-bounds write in the fax
parser. This may lead to memory corruption depending on allocator behavior
and heap layout.

Workaround
==========

Do not open untrusted .g3 or .g4 fax files in vulnerable Okular builds.

Solution
========

Update to Okular >= 26.04.1 or apply
https://commits.kde.org/okular/466786c354d890e39a3871f80ed686958d2513a2

Credits
=======

Thanks to George Karagiannidis from TwelveSec for reporting this issue.
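
Added illustration, not part of the KDE advisory and not Okular source code: a simplified model of the bug class from the Overview, showing how a zero length places the first of two trailing sentinels before the allocation, next to a length check that rejects such input. The padding formula and the names padded_size, first_sentinel_index and alloc_strip are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>

// Hypothetical model, not Okular's code: assume the buffer is padded to a
// 4-byte multiple and its last two 32-bit words are zeroed as sentinels.
static std::size_t padded_size(std::size_t length) {
    return (length + 7) & ~static_cast<std::size_t>(3);
}

// Unchecked index of the first sentinel word; signed so that a negative
// result (a write before the allocation) stays visible.
static std::ptrdiff_t first_sentinel_index(std::size_t length) {
    return static_cast<std::ptrdiff_t>(padded_size(length) / 4) - 2;
}

// Hardened allocation: reject zero-length input, size wrap-around, and any
// buffer too small to hold both sentinels, before anything is written.
static std::unique_ptr<std::uint32_t[]> alloc_strip(std::size_t length,
                                                    std::size_t *words_out) {
    const std::size_t bytes = padded_size(length);
    if (length == 0 || bytes < length || bytes < 2 * sizeof(std::uint32_t)) {
        return nullptr;
    }
    const std::size_t words = bytes / sizeof(std::uint32_t);
    std::unique_ptr<std::uint32_t[]> buf(new std::uint32_t[words]);
    buf[words - 2] = 0;  // both sentinel writes are now provably in bounds
    buf[words - 1] = 0;
    if (words_out) *words_out = words;
    return buf;
}

int main() {
    const std::size_t lengths[] = {0, 1, 5};  // constructed sample lengths
    for (std::size_t len : lengths) {
        std::size_t words = 0;
        const bool ok = alloc_strip(len, &words) != nullptr;
        std::printf("length=%zu first_sentinel_index=%td hardened=%s\n",
                    len, first_sentinel_index(len), ok ? "allocated" : "rejected");
    }
    return 0;
}
```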