KDE : Security Vulnerabilities, CVEs, (Overflow) CVSS score >= 3
KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.
Max CVSS
5.5
EPSS Score
0.16%
Published
2021-07-01
Updated
2021-07-08
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
Max CVSS
6.4
EPSS Score
7.69%
Published
2012-11-11
Updated
2012-11-12
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
Max CVSS
7.5
EPSS Score
10.16%
Published
2012-08-20
Updated
2023-02-13
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
Max CVSS
6.8
EPSS Score
6.01%
Published
2010-08-30
Updated
2018-10-10
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
Max CVSS
9.3
EPSS Score
0.70%
Published
2009-12-21
Updated
2017-09-19
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
9.21%
Published
2009-08-20
Updated
2017-09-19
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
Max CVSS
9.3
EPSS Score
3.86%
Published
2008-04-28
Updated
2017-08-08
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
Max CVSS
6.5
EPSS Score
4.90%
Published
2006-12-29
Updated
2024-02-08
Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
11.77%
Published
2006-12-03
Updated
2018-10-17
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
Max CVSS
7.5
EPSS Score
17.27%
Published
2006-01-20
Updated
2018-10-19
Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.
Max CVSS
7.5
EPSS Score
16.79%
Published
2005-10-20
Updated
2018-10-03
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
Max CVSS
7.5
EPSS Score
13.64%
Published
2005-05-02
Updated
2018-10-19
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Max CVSS
7.5
EPSS Score
0.66%
Published
2005-04-27
Updated
2017-10-11
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
Max CVSS
9.3
EPSS Score
6.20%
Published
2005-01-10
Updated
2018-10-03
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
Max CVSS
4.3
EPSS Score
0.49%
Published
2003-12-31
Updated
2017-07-29
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
Max CVSS
7.5
EPSS Score
2.78%
Published
2004-02-17
Updated
2017-10-10
Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
Max CVSS
5.0
EPSS Score
0.28%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-11-29
Updated
2016-10-18
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
Max CVSS
7.5
EPSS Score
0.82%
Published
2002-10-28
Updated
2008-09-05
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
Max CVSS
5.0
EPSS Score
0.84%
Published
1999-06-01
Updated
2017-10-10
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-05-27
Updated
2008-09-10
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
Max CVSS
7.2
EPSS Score
0.05%
Published
1998-11-18
Updated
2017-12-19
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
1998-04-29
Updated
2017-12-19
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
1998-05-16
Updated
2017-12-19
24 vulnerabilities found