FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdelibs -- integer overflow in khtml

Affected packages
kdelibs < 3.5.4_4
kdelibs-nocups < 3.5.4_4
qt < 3.3.6_3
qt-copy < 3.3.6_3

Details

VuXML ID d8fbf13a-6215-11db-a59e-0211d85f11fb
Discovery 2006-10-14
Entry 2006-10-22

Red Hat reports:

An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim.

References

CVE Name CVE-2006-4811
URL http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742
URL http://rhn.redhat.com/errata/RHSA-2006-0720.html