CVE-2010-2575Improper Restriction of Operations within the Bounds of a Memory Buffer in SC

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
4.2%
top 11.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
KDE OkularKDE SC
Timeline
PublishedAug 30
Latest updateMay 14

Description

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debiankde/okular< 4:4.4.5-2+3
NVDkde/kde_sc13 versions+12

Patches

Patch: www.kde.orgPatch: www.kde.org

🔴Vulnerability Details

3
GHSA
GHSA-gp5q-hh2p-748v: Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image2022-05-14
OSV
CVE-2010-2575: Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image2010-08-30
CVEList
CVE-2010-2575: Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image2010-08-30

📋Vendor Advisories

3
Ubuntu
okular vulnerability2010-08-27
Red Hat
kdegraphics: a boundary error in Okular2010-08-25
Debian
CVE-2010-2575: okular - Heap-based buffer overflow in the RLE decompression functionality in the Transcr...2010

💬Community

2
Bugzilla
CVE-2010-2575 kdegraphics: integer overflow error in Okular [fedora-all]2010-08-25
Bugzilla
CVE-2010-2575 kdegraphics: a boundary error in Okular2010-08-24
CVE-2010-2575 — KDE SC vulnerability | cvebase