Rapid7 Vulnerability & Exploit Database

RHSA-2009:1130: kdegraphics security update


Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/10/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe vector images. KSVG is a framework aimed at implementing the latest W3C SVG specifications.

A use-after-free flaw was found in the KDE KSVG animation element implementation. A remote attacker could create a specially-crafted SVG image, which once opened by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1709)

A NULL pointer dereference flaw was found in the KDE, KSVG SVGList interface implementation. A remote attacker could create a specially-crafted SVG image, which once opened by an unsuspecting user, would cause memory corruption, leading to a denial of service (Konqueror crash). (CVE-2009-0945)

All users of kdegraphics should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

Solution(s)

  • redhat-upgrade-kdegraphics
  • redhat-upgrade-kdegraphics-devel
