KDE : Security Vulnerabilities, CVEs, Published In 2010 (Denial of service)
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
Max CVSS
6.8
EPSS Score
0.57%
Published
2010-11-05
Updated
2019-03-06
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
Max CVSS
6.8
EPSS Score
6.01%
Published
2010-08-30
Updated
2018-10-10
2 vulnerabilities found