CVE-2008-1670
published 2008-04-28CVE-2008-1670: Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a…
PriorityP339critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
4.76%
90.8th percentile
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kdelibs: Buffer overflow in KHTML's image loader
vendor_redhat·2008-04-26·CVSS 9.3
CVE-2008-1670 [CRITICAL] kdelibs: Buffer overflow in KHTML's image loader
kdelibs: Buffer overflow in KHTML's image loader
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
Statement: Not vulnerable. This issue did not affect versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
GHSA
GHSA-4r7g-h9xg-7p27: Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader
ghsa_unreviewed·2022-05-01
CVE-2008-1670 [HIGH] CWE-119 GHSA-4r7g-h9xg-7p27: Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlhttp://secunia.com/advisories/29980http://www.kde.org/info/security/advisory-20080426-1.txthttp://www.securityfocus.com/bid/28937http://www.securitytracker.com/id?1019929http://www.vupen.com/english/advisories/2008/1371/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/42038http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlhttp://secunia.com/advisories/29980http://www.kde.org/info/security/advisory-20080426-1.txthttp://www.securityfocus.com/bid/28937http://www.securitytracker.com/id?1019929http://www.vupen.com/english/advisories/2008/1371/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/42038
2008-04-28
Published