ID CVE-2005-1046
Summary Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
References
Vulnerable Configurations
  • cpe:2.3:o:kde:kde:3.4.0
    cpe:2.3:o:kde:kde:3.4.0
CVSS
Base: 7.5 (as of 14-06-2005 - 11:10)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-393.NASL
    description Updated kdelibs packages that fix a flaw in kimgio input validation are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers. A buffer overflow was found in the kimgio library for KDE 3.4.0. An attacker could create a carefully crafted PCX image in such a way that it would cause kimgio to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1046 to this issue. All users of kdelibs should upgrade to these updated packages, which contain a backported security patch to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21933
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21933
    title CentOS 4 : kdelibs (CESA-2005:393)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200504-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-200504-22 (KDE kimgio: PCX handling buffer overflow) kimgio fails to properly validate input when handling PCX files. Impact : By enticing a user to load a specially crafted PCX image in a KDE application, an attacker could execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 18125
    published 2005-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18125
    title GLSA-200504-22 : KDE kimgio: PCX handling buffer overflow
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-393.NASL
    description Updated kdelibs packages that fix a flaw in kimgio input validation are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers. A buffer overflow was found in the kimgio library for KDE 3.4.0. An attacker could create a carefully crafted PCX image in such a way that it would cause kimgio to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1046 to this issue. All users of kdelibs should upgrade to these updated packages, which contain a backported security patch to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 18279
    published 2005-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18279
    title RHEL 4 : kdelibs (RHSA-2005:393)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-114-1.NASL
    description Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio. If an attacker tricked a user into loading a malicious PCX image with a KDE application, he could exploit this to execute arbitrary code with the privileges of the user opening the image. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20501
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20501
    title Ubuntu 5.04 : kdelibs vulnerability (USN-114-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-085.NASL
    description A buffer overflow in the PCX decoder of kimgio was discovered by Bruno Rohee. If an attacker could trick a user into loading a malicious PCX image with any KDE application, he could cause the execution of arbitrary code with the privileges of the user opening the image. The provided packages have been patched to correct this issue. In addition, the LE2005 packages contain fixes to configuring email into kbugreport, fixing a KDE crasher bug, fixing a kicondialog bug, a KHTML bug, and a knewsticker export symbol problem.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18274
    published 2005-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18274
    title Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:085)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-714.NASL
    description KDE security team discovered several vulnerabilities in the PCX and other image file format readers in the KDE core libraries, some of them exploitable to execute arbitrary code. To a small extent the packages in woody are affected as well.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 18143
    published 2005-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18143
    title Debian DSA-714-1 : kdelibs - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_06404241B30611D9A7880001020EED82.NASL
    description A KDE Security Advisory reports : kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code. Impact: Remotely supplied, specially crafted image files can be used to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 18828
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18828
    title FreeBSD : kdelibs -- kimgio input validation errors (06404241-b306-11d9-a788-0001020eed82)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-350.NASL
    description A buffer overflow was found in the kimgio library for KDE 3.3.1. An attacker could create a carefully crafted PCX image in such a way that it would cause kimgio to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1046 to this issue. All users of kdelibs should upgrade to these updated packages, which contain a backported security patch to correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 62258
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62258
    title Fedora Core 3 : kdelibs-3.3.1-2.12.FC3 (2005-350)
oval via4
  • accepted 2013-04-29T04:11:21.574-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
    family unix
    id oval:org.mitre.oval:def:11081
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
    version 23
  • accepted 2008-10-20T04:00:22.743-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
    family unix
    id oval:org.mitre.oval:def:5802
    status accepted
    submitted 2008-09-11T11:37:41.000-04:00
    title PCX Plugin of Gimp Vulnerability
    version 30
redhat via4
advisories
rhsa
id RHSA-2005:393
refmap via4
bid 13096
confirm http://www.kde.org/info/security/advisory-20050421-1.txt
debian DSA-714
fedora FLSA:178606
misc http://bugs.kde.org/show_bug.cgi?id=102328
secunia
  • 14908
  • 28114
sunalert
  • 103170
  • 201320
suse SUSE-SA:2005:022
vupen
  • ADV-2005-0331
  • ADV-2007-4241
Last major update 07-03-2011 - 21:21
Published 02-05-2005 - 00:00
Last modified 19-10-2018 - 11:31
Back to Top