Upstream information

CVE-2006-6297 at MITRE

Description

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 222089 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SuSE Linux Desktop 1.0
  • kdegraphics3 >= 3.1.1-151
core9.s390
sles10.s390x
sled10.x86
sles9-oes.x86
ZYPP Patch Nr: 2301
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • kdegraphics3 >= 3.2.1-67.18
core9.s390
sles10.s390x
sled10.x86
sles9-oes.x86
ZYPP Patch Nr: 2301
SUSE LINUX 10.0
  • kdegraphics3 >= 3.4.2-12.4
SUSE LINUX 10.1
  • kdegraphics3 >= 3.5.1-23.9
SUSE LINUX 9.3
  • kdegraphics3 >= 3.4.0-11.7