BID:21384

KDE JPEG KFile Info Plug-in EXIF Local Denial of Service Vulnerability

Info

KDE JPEG KFile Info Plug-in EXIF Local Denial of Service Vulnerability

Bugtraq ID:	21384
Class:	Design Error
CVE:	CVE-2006-6297
Remote:	No
Local:	Yes
Published:	Dec 01 2006 12:00AM
Updated:	Jan 17 2007 09:31PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 KDE kdegraphics 3.5.4 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 KDE KDE 3.5.5 KDE KDE 3.5.4 KDE KDE 3.5.3 KDE KDE 3.5.2 KDE KDE 3.5.1 KDE KDE 3.5 KDE KDE 3.4.3 KDE KDE 3.4.2 KDE KDE 3.4.1 + Redhat Fedora Core4 KDE KDE 3.4 KDE KDE 3.4 KDE KDE 3.3.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 amd64 + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 + Debian Linux 3.1 + Debian Linux 3.1 KDE KDE 3.3.2 KDE KDE 3.3.1 + Redhat Fedora Core3 KDE KDE 3.3 KDE KDE 3.2.3 KDE KDE 3.2.2 + KDE KDE 3.2.2 + Redhat Fedora Core2 KDE KDE 3.2.1 KDE KDE 3.2 KDE KDE 3.1.5 KDE KDE 3.1.4 KDE KDE 3.1.3 + Redhat Desktop 3.0 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 KDE KDE 3.1.2 + KDE KDE 3.1.2 KDE KDE 3.1.1 a KDE KDE 3.1.1 + S.u.S.E. Linux Personal 8.2 + S.u.S.E. Linux Personal 8.2 KDE KDE 3.1 + Redhat Linux 9.0 i386 + SuSE Linux 8.1 + SuSE Linux 8.1 Gentoo Linux

Not Vulnerable:

Discussion

KDE JPEG KFile Info Plug-in EXIF Local Denial of Service Vulnerability

The JPEG kfile-info plugin is prone to a denial-of-service vulnerability due to a parsing bug.

An attacker can exploit this issue to crash the application that invoked the plugin.

KDE versions 3.1.0 to 3.5.5 are vulnerable.

Other applications that use this plugin may also be affected.

Exploit / POC

KDE JPEG KFile Info Plug-in EXIF Local Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected].

Solution / Fix

KDE JPEG KFile Info Plug-in EXIF Local Denial of Service Vulnerability

Solution:
The vendor has released a patch to address this issue. Please see the references for more information.

KDE kdegraphics 3.5.4

Mandriva lib64kdegraphics0-kooka-3.5.4-0.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva lib64kdegraphics0-kooka-devel-3.5.4-0.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva libkdegraphics0-kooka-3.5.4-0.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva libkdegraphics0-kooka-devel-3.5.4-0.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

KDE KDE 3.5.5

KDE post-3.5.5-kdegraphics.diff
1ce5fb77aff8f97ed21da046c1385000
ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.5-kdegraphics.diff

References

KDE JPEG KFile Info Plug-in EXIF Local Denial of Service Vulnerability

References: