Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-2575

Disclosure Date: August 30, 2010
CVE-2010-2575
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2010-2575 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2575)
Advisory
USN-979-1 (http://www.ubuntu.com/usn/USN-979-1)
ADV-2010-2178 (http://www.vupen.com/english/advisories/2010/2178)
ADV-2010-2202 (http://www.vupen.com/english/advisories/2010/2202)
ADV-2010-2219 (http://www.vupen.com/english/advisories/2010/2219)
SECUNIA-41132 (http://secunia.com/advisories/41132)
http://www.kde.org/info/security/advisory-20100825-1.txt
20100825 Secunia Research: KDE Okular PDB Parsing RLE Decompression Buffer Overflow (http://www.securityfocus.com/archive/1/513341/100/0/threaded)
FEDORA-2010-13661 (http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html)
FEDORA-2010-13629 (http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html)
XF-okularpdb-imagecpp-bo(61371) (https://exchange.xforce.ibmcloud.com/vulnerabilities/61371)
ADV-2010-2206 (http://www.vupen.com/english/advisories/2010/2206)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:162
OSVDB-67454 (http://www.osvdb.org/67454)
ADV-2010-2230 (http://www.vupen.com/english/advisories/2010/2230)
SECUNIA-41086 (http://secunia.com/advisories/41086)
ADV-2010-2179 (http://www.vupen.com/english/advisories/2010/2179)
SECUNIA-40952 (http://secunia.com/advisories/40952)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
FEDORA-2010-13589 (http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html)
https://bugzilla.redhat.com/show_bug.cgi?id=627289
Miscellaneous
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.340142
http://secunia.com/secunia_research/2010-109

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis