In association with heise online

28 April 2008, 16:12

PNG processing vulnerability in KHTML

The developers of KDE have reported a security hole in the KHTML library which may cause the program to crash or allow injected malware to be executed when specially crafted PNG images are processed. A source code patch has been released.

When KDE 4.0 was released, the developers of the project integrated a new PNG loader into the desktop. A buffer overflow can be triggered in this loader by submitting specially crafted PNG images. This causes the program to crash, and KDE developers can't rule out that it may also be exploited to execute injected code.

A source code patch to fix the security hole is available on the KDE project's FTP servers. Linux distributors are expected to release updated packages shortly. Users are advised to install these as soon as they become available.
