The bug, described as an incorrect bounds check in kjs, the JavaScript interpreter engine used by the Konqueror browser and other parts of KDE, allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. This effectively means that remotely supplied malicious JavaScript code could perform a heap overflow and crash a web browser, or worse, execute arbitrary code, essentially giving control of the machine to a remote attacker.
Versions 3.2.0 to 3.5.0 of KDE are affected, but KDE has already released a patch for the source code. Affected Linux vendors followed suit shortly afterwards, with Red Hat, Debian, Suse and Gentoo amongst others issuing binary patches for their distributions.
The original KDE advisory is available in the link below.
_(37).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
