CVE-2010-2575

Publication date 30 August 2010

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.


Status

Package       Ubuntu Release     Status
kdegraphics   10.04 LTS lucid    Fixed 4:4.4.2-0ubuntu1.1
              9.10 karmic        Fixed 4:4.3.2-0ubuntu1.1
              9.04 jaunty        Fixed 4:4.2.2-0ubuntu2.1
              8.04 LTS hardy     Not affected
              6.06 LTS dapper    Not affected

Notes


sbeattie

patch/cve notification from jriddell
kpdf (the precursor to okular) does not appear to be affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
kdegraphics

References

Related Ubuntu Security Notices (USN)

    • USN-979-1: okular vulnerability (27 August 2010)
