Slashdot Mirror


KDE Heap Overflow Vulnerability Found

sayanchak writes "An incorrect bounds check has been discovered in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap-based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences. It might allow malicious JavaScript code to perform a heap overflow and crash Konqueror or even execute arbitrary code. Source diff patches for KDE 3.2.0 - 3.3.2 and KDE 3.4.0 - 3.5.0 are available."

1 of 233 comments

  1. Re:This is why I use Windows by Anonymous Coward · Score: -1, Redundant

    mod parent up as informative, please!

    then mod this down as redundant!!

    when will people understand that kde is third party software only??