<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200412-17">
  <title>kfax: Multiple overflows in the included TIFF library</title>
  <synopsis>
    kfax contains several buffer overflows potentially leading to execution
    of arbitrary code.
  </synopsis>
  <product type="ebuild">kfax</product>
  <announced>2004-12-19</announced>
  <revised count="04">2005-01-12</revised>
  <bug>73795</bug>
  <access>remote</access>
  <affected>
    <package name="kde-base/kdegraphics" auto="yes" arch="*">
      <unaffected range="ge">3.3.2</unaffected>
      <vulnerable range="lt">3.3.2</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    KDE is a feature-rich graphical desktop environment for Linux and
    Unix-like operating systems. kfax (part of kdegraphics) is the KDE fax
    file viewer.
    </p>
  </background>
  <description>
    <p>
    Than Ngo discovered that kfax contains a private copy of the TIFF
    library and is therefore subject to several known vulnerabilities (see
    References).
    </p>
  </description>
  <impact type="normal">
    <p>
    A remote attacker could entice a user to view a carefully crafted TIFF
    image file with kfax, which would potentially lead to execution of
    arbitrary code with the rights of the user running kfax.
    </p>
  </impact>
  <workaround>
    <p>
    The KDE Team recommends removing the kfax binary as well as the
    kfaxpart.la KPart:
    </p>
    <code>
    rm /usr/kde/3.*/lib/kde3/kfaxpart.la
    rm /usr/kde/3.*/bin/kfax</code>
    <p>
    Note: This will render the kfax functionality useless. If kfax
    functionality is needed, you should upgrade to KDE 3.3.2, which is not
    stable at the time of this writing.
    </p>
    <p>
    There is no known workaround at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All kfax users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.2"</code>
  </resolution>
  <references>
    <uri link="https://www.kde.org/info/security/advisory-20041209-2.txt">KDE Security Advisory: kfax libtiff vulnerabilities</uri>
    <uri link="https://www.gentoo.org/security/en/glsa/glsa-200410-11.xml">GLSA 200410-11</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803">CAN-2004-0803</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804">CAN-2004-0804</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886">CAN-2004-0886</uri>
  </references>
  <metadata tag="submitter" timestamp="2004-12-10T09:35:12Z">
    jaervosz
  </metadata>
  <metadata tag="bugReady" timestamp="2004-12-19T16:51:18Z">
    jaervosz
  </metadata>
</glsa>