Vulnerability Details : CVE-2010-2575
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-2575
Probability of exploitation activity in the next 30 days: 6.01%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2575
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2010-2575
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2575
-
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:018
-
http://www.ubuntu.com/usn/USN-979-1
USN-979-1: okular vulnerability | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html
[SECURITY] Fedora 13 Update: kdegraphics-4.4.5-3.fc13
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.340142
The Slackware Linux Project: Slackware Security Advisories
-
http://www.vupen.com/english/advisories/2010/2230
Webmail | OVH- OVH
-
http://www.securityfocus.com/archive/1/513341/100/0/threaded
SecurityFocus
-
http://www.vupen.com/english/advisories/2010/2206
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/2219
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/2178
Webmail | OVH- OVHVendor Advisory
-
http://www.vupen.com/english/advisories/2010/2202
Webmail | OVH- OVH
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html
[SECURITY] Fedora 14 Update: kdegraphics-4.5.0-2.fc14
-
https://bugzilla.redhat.com/show_bug.cgi?id=627289
627289 – CVE-2010-2575 kdegraphics: integer overflow error in Okular [fedora-all]
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/61371
KDE Okular PDB image.cpp buffer overflow CVE-2010-2575 Vulnerability Report
-
http://www.kde.org/info/security/advisory-20100825-1.txt
Patch;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:162
mandriva.com
-
http://www.vupen.com/english/advisories/2010/2179
Webmail | OVH- OVHVendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html
[SECURITY] Fedora 12 Update: kdegraphics-4.4.5-3.fc12
Products affected by CVE-2010-2575
- cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.5:*:*:*:*:*:*:*