Vulnerability in KHTML
Written by Rebecca Mints   
Sunday, 27 April 2008 18:00

Processing a carefully crafted PNG image could cause a program that uses the KHTML library to crash, or even allow malware to be injected, according to the developers of KDE. The problem lies in a potential buffer overflow. Thankfully, a source code patch has been released.


A new PNG loader was integrated into the desktop when the developers released KDE 4.0. If a hacker creates carefully crafted PNG images and submits them, a buffer overflow may occur. If exploited, the entire program crashes. To top it off, execution of injected code is also a possibility, the KDE developers warned.


The KDE project's FTP servers host a source code patch that fixes the problem. In the near future, Linux distributions will be releasing updates with the patch as well, and users are warned that they should apply the new patches as soon as possible.



REFERENCES:
heise Open Source
PNG processing vulnerability in KHTML

 
