漏洞信息详情
KPdf和KWord多个缓冲区溢出漏洞
- CNNVD编号:CNNVD-200512-830
- 危害等级: 低危
- CVE编号: CVE-2005-3626
- 漏洞类型: 资源管理错误
- 发布时间: 2005-12-31
- 威胁类型: 远程
- 更新时间: 2007-02-07
- 厂 商: ubuntu
- 漏洞来源: Chris Evans chris...
漏洞简介
KPdf是kdegraphics软件包中捆绑的基于KDE的PDF浏览器,KWord是koffice软件包中捆绑的基于KDE的文字处理器。
KPdf和KWord都包含有用于处理PDF文件的Xpdf代码,该Xpdf代码中存在几个堆溢出和整数溢出。如果攻击者能够诱骗用户使用Kpdf或KWord打开特制的PDF文件的话,就可以以受影响应用程序的权限执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://security.gentoo.org/glsa/glsa-200601-02.xml
参考网址
来源: UBUNTU
名称: USN-236-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-236-1
来源: BID
名称: 16143
链接:http://www.securityfocus.com/bid/16143
来源: REDHAT
名称: RHSA-2006:0160
链接:http://www.redhat.com/support/errata/RHSA-2006-0160.HTML
来源: www.redhat.com
链接:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.HTML
来源: www.redhat.com
链接:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.HTML
来源: www.kde.org
链接:http://www.kde.org/info/security/advisory-20051207-2.txt
来源: GENTOO
名称: GLSA-200601-02
链接:http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
来源: VUPEN
名称: ADV-2006-0047
链接:http://www.frsirt.com/english/advisories/2006/0047
来源: DEBIAN
名称: DSA-961
链接:http://www.debian.org/security/2006/dsa-961
来源: DEBIAN
名称: DSA-950
链接:http://www.debian.org/security/2006/dsa-950
来源: DEBIAN
名称: DSA-936
链接:http://www.debian.org/security/2006/dsa-936
来源: SECUNIA
名称: 18582
链接:http://secunia.com/advisories/18582
来源: SECUNIA
名称: 18554
链接:http://secunia.com/advisories/18554
来源: SECUNIA
名称: 18534
链接:http://secunia.com/advisories/18534
来源: SECUNIA
名称: 18517
链接:http://secunia.com/advisories/18517
来源: SECUNIA
名称: 18448
链接:http://secunia.com/advisories/18448
来源: SECUNIA
名称: 18423
链接:http://secunia.com/advisories/18423
来源: SECUNIA
名称: 18416
链接:http://secunia.com/advisories/18416
来源: SECUNIA
名称: 18407
链接:http://secunia.com/advisories/18407
来源: SECUNIA
名称: 18398
链接:http://secunia.com/advisories/18398
来源: SECUNIA
名称: 18389
链接:http://secunia.com/advisories/18389
来源: SECUNIA
名称: 18387
链接:http://secunia.com/advisories/18387
来源: SECUNIA
名称: 18385
链接:http://secunia.com/advisories/18385
来源: SECUNIA
名称: 18349
链接:http://secunia.com/advisories/18349
来源: SECUNIA
名称: 18338
链接:http://secunia.com/advisories/18338
来源: SECUNIA
名称: 18335
链接:http://secunia.com/advisories/18335
来源: SECUNIA
名称: 18334
链接:http://secunia.com/advisories/18334
来源: SECUNIA
名称: 18313
链接:http://secunia.com/advisories/18313
来源: SECUNIA
名称: 18312
链接:http://secunia.com/advisories/18312
来源: REDHAT
名称: RHSA-2006:0177
链接:http://rhn.redhat.com/errata/RHSA-2006-0177.HTML
来源: SUSE
名称: SUSE-SA:2006:001
链接:http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.HTML
来源: MANDRIVA
名称: MDKSA-2006:012
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:012
来源: MANDRIVA
名称: MDKSA-2006:010
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:010
来源: MANDRIVA
名称: MDKSA-2006:008
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:008
来源: DEBIAN
名称: DSA-940
链接:http://www.debian.org/security/2005/dsa-940
来源: DEBIAN
名称: DSA-938
链接:http://www.debian.org/security/2005/dsa-938
来源: DEBIAN
名称: DSA-937
链接:http://www.debian.org/security/2005/dsa-937
来源: DEBIAN
名称: DSA-932
链接:http://www.debian.org/security/2005/dsa-932
来源: DEBIAN
名称: DSA-931
链接:http://www.debian.org/security/2005/dsa-931
来源: SECUNIA
名称: 18375
链接:http://secunia.com/advisories/18375
来源: SECUNIA
名称: 18332
链接:http://secunia.com/advisories/18332
来源: SECUNIA
名称: 18329
链接:http://secunia.com/advisories/18329
来源: SECUNIA
名称: 18303
链接:http://secunia.com/advisories/18303
来源: MISC
链接:http://scary.beasts.org/security/CESA-2005-003.txt
来源: MANDRIVA
名称: MDKSA-2006:006
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:006
来源: MANDRIVA
名称: MDKSA-2006:005
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:005
来源: MANDRIVA
名称: MDKSA-2006:004
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:004
来源: MANDRIVA
名称: MDKSA-2006:003
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:003
来源: SGI
名称: 20060101-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
来源: SGI
名称: 20051201-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/2 来源:NSFOCUS 名称:8378 链接:http://www.nsfocus.net/vulndb/8378
受影响实体
- Ubuntu Ubuntu_linux:5.10:I386
- Ubuntu Ubuntu_linux:5.04:Powerpc
- Ubuntu Ubuntu_linux:5.10:Amd64
- Ubuntu Ubuntu_linux:5.04:I386
- Kde Koffice:1.4.2
补丁
暂无
评论