KDE : Security Vulnerabilities, CVEs, (Overflow) CVSS score >= 7
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
Max CVSS
7.5
EPSS Score
10.16%
Published
2012-08-20
Updated
2023-02-13
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
Max CVSS
9.3
EPSS Score
0.70%
Published
2009-12-21
Updated
2017-09-19
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
9.21%
Published
2009-08-20
Updated
2017-09-19
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
Max CVSS
9.3
EPSS Score
3.86%
Published
2008-04-28
Updated
2017-08-08
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
Max CVSS
7.5
EPSS Score
17.27%
Published
2006-01-20
Updated
2018-10-19
Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.
Max CVSS
7.5
EPSS Score
16.79%
Published
2005-10-20
Updated
2018-10-03
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
Max CVSS
7.5
EPSS Score
13.64%
Published
2005-05-02
Updated
2018-10-19
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Max CVSS
7.5
EPSS Score
0.66%
Published
2005-04-27
Updated
2017-10-11
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
Max CVSS
9.3
EPSS Score
6.20%
Published
2005-01-10
Updated
2018-10-03
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
Max CVSS
7.5
EPSS Score
2.78%
Published
2004-02-17
Updated
2017-10-10
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-11-29
Updated
2016-10-18
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
Max CVSS
7.5
EPSS Score
0.82%
Published
2002-10-28
Updated
2008-09-05
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-05-27
Updated
2008-09-10
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
Max CVSS
7.2
EPSS Score
0.05%
Published
1998-11-18
Updated
2017-12-19
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
1998-04-29
Updated
2017-12-19
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
1998-05-16
Updated
2017-12-19
16 vulnerabilities found