Candidate: CVE-2010-2575
PublicDate: 2010-08-30 21:00:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2575
Description:
 Heap-based buffer overflow in the RLE decompression functionality in the
 TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp
 in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a
 denial of service (application crash) or possibly execute arbitrary code
 via a crafted image in a PDB file.
Ubuntu-Description: 
Notes: 
  sbeattie> patch/cve notification from jriddell
  sbeattie> kpdf (the precursor to okular) does not appear to be
    affected
Bugs: 
Priority: medium
Discovered-by: Stefan Cornelius of Secunia Research
Assigned-to: Steve Beattie
CVSS: 

Patches_kdegraphics:
  upstream: http://websvn.kde.org/?view=revision&revision=1167827
upstream_kdegraphics: released
dapper_kdegraphics: not-affected (kpdf)
hardy_kdegraphics: not-affected (kpdf)
jaunty_kdegraphics: released (4:4.2.2-0ubuntu2.1)
karmic_kdegraphics: released (4:4.3.2-0ubuntu1.1)
lucid_kdegraphics: released (4:4.4.2-0ubuntu1.1)
devel_kdegraphics: released (4:4.5.0b-0ubuntu3)