CVE-2010-2575

Summary

CVE	CVE-2010-2575
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2010-08-30 21:00:00 UTC
Updated	2018-10-10 19:59:00 UTC
Description	Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Kde	Kde Sc	4.3.0	All	All	All
Application	Kde	Kde Sc	4.3.1	All	All	All
Application	Kde	Kde Sc	4.3.2	All	All	All
Application	Kde	Kde Sc	4.3.3	All	All	All
Application	Kde	Kde Sc	4.3.4	All	All	All
Application	Kde	Kde Sc	4.3.5	All	All	All
Application	Kde	Kde Sc	4.4.0	All	All	All
Application	Kde	Kde Sc	4.4.1	All	All	All
Application	Kde	Kde Sc	4.4.2	All	All	All
Application	Kde	Kde Sc	4.4.3	All	All	All
Application	Kde	Kde Sc	4.4.4	All	All	All
Application	Kde	Kde Sc	4.4.5	All	All	All
Application	Kde	Kde Sc	4.5.0	All	All	All
Application	Kde	Kde Sc	4.3.0	All	All	All
Application	Kde	Kde Sc	4.3.1	All	All	All
Application	Kde	Kde Sc	4.3.2	All	All	All
Application	Kde	Kde Sc	4.3.3	All	All	All
Application	Kde	Kde Sc	4.3.4	All	All	All
Application	Kde	Kde Sc	4.3.5	All	All	All
Application	Kde	Kde Sc	4.4.0	All	All	All
Application	Kde	Kde Sc	4.4.1	All	All	All
Application	Kde	Kde Sc	4.4.2	All	All	All
Application	Kde	Kde Sc	4.4.3	All	All	All
Application	Kde	Kde Sc	4.4.4	All	All	All
Application	Kde	Kde Sc	4.4.5	All	All	All
Application	Kde	Kde Sc	4.5.0	All	All	All

References

Reference	Source	Link	Tags
Fedora update for kdegraphics - Advisories - Community	SECUNIA	secunia.com
Research - Community	MISC	secunia.com	Vendor Advisory
[SECURITY] Fedora 12 Update: kdegraphics-4.4.5-3.fc12	FEDORA	lists.fedoraproject.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
627289 – CVE-2010-2575 kdegraphics: integer overflow error in Okular [fedora-all]	CONFIRM	bugzilla.redhat.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Ubuntu update for kdegraphics - Advisories - Community	SECUNIA	secunia.com
KDE Okular PDB Parsing RLE Decompression Buffer Overflow - Advisories - Community	SECUNIA	secunia.com	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:018	SUSE	lists.opensuse.org
67454	OSVDB	www.osvdb.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
[SECURITY] Fedora 14 Update: kdegraphics-4.5.0-2.fc14	FEDORA	lists.fedoraproject.org
www.kde.org/info/security/advisory-20100825-1.txt	CONFIRM	www.kde.org	Patch, Vendor Advisory
[SECURITY] Fedora 13 Update: kdegraphics-4.4.5-3.fc13	FEDORA	lists.fedoraproject.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	slackware.com
USN-979-1: okular vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.