KDE Security Advisories

Reporting

Please report any possible security problems to security@kde.org. We will then be able to investigate the problem.

Reported security problems are handled according to the KDE Security Policy.

Advisories

The KDE Security Advisories are crosslinked in the KDE Information Pages of the KDE versions to which they apply to. The listing below is in chronological order.

• 2012-08-10 Calligra and KOffice Input Validation Failure
• 2011-10-03 KSSL and Rekonq Input Validation Failure
• 2011-04-11 Konqueror Partially Universal XSS Vulnerability in Error Pages
• 2010-08-25 Okular PDB Processing Memory Corruption Vulnerability
• 2010-05-13 KGet Directory Traversal and Insecure File Operation Vulnerabilities
• 2010-04-13 KDM Local Privilege Escalation Vulnerability
• 2010-02-17 KRunner lock module race condition
• 2009-10-27 XMLHttpRequest vulnerability and kioslave input validation issues
• 2008-04-26 start_kdeinit multiple vulnerabilities
• 2008-04-26 KHTML PNG Loader Buffer Overflow
• 2007-11-07 kpdf/kword/xpdf multiple xpdf based vulnerabilities
• 2007-09-19 KDM passwordless login vulnerability
• 2007-09-14 Konqueror address bar spoofing
• 2007-07-30 kpdf/kword/xpdf stack based buffer overflow
• 2007-03-26 KIO FTP ioslave PASV vulnerability
• 2007-02-06 KHTML/Konqueror <title> XSS vulnerability
• 2007-01-15 kpdf/kword/xpdf denial of service vulnerability
• 2007-01-09 ksirc denial of service vulnerability
• 2006-12-05 KOffice OLEfilter integer overflow
• 2006-11-29 JPEG-EXIF Meta Information DoS vulnerability
• 2006-06-14 KDM symlink attack vulnerability
• 2006-06-14 artswrapper return value checking vulnerability
• 2006-04-04 Kaffeine http_peek() buffer overflow
• 2006-03-10 kpdf/xpdf heap based buffer overflow
• 2006-02-02 kpdf/xpdf heap based buffer overflow
• 2006-01-19 kjs encodeuri/decodeuri heap overflow vulnerability
• 2006-01-03 kpdf/xpdf multiple integer overflows
• 2005-10-11 KOffice KWord RTF import buffer overflow
• 2005-09-05 kcheckpass local root vulnerability
• 2005-08-15 langen2kvtml tempfile handling vulnerability
• 2005-08-09 kpdf infinite temp file DoS
• 2005-07-21 libgadu multiple vulnerabilities
• 2005-07-18 Kate backup file permission leak
• 2005-05-04 Patch updates for kimgio and Kommander
• 2005-04-21 kimgio input validation errors
• 2005-04-20 Kommander untrusted code execution
• 2005-03-16 Local DCOP denial of service vulnerability
• 2005-03-16 Konqueror International Domain Name Spoofing
• 2005-03-16 Insecure temporary file creation by dcopidlng
• 2005-02-28 kppp Privileged fd Leak Vulnerability
• 2005-02-15 Buffer overflow in fliccd of kdeedu/kstars/indi
• 2005-01-21 Multiple vulnerabilities in Konversation
• 2005-01-20 KOffice PDF import filter buffer overflow (third)
• 2005-01-19 kpdf buffer overflow
• 2005-01-01 ftp kioslave command injection
• 2004-12-23 KOffice PDF importer integer overflow vulnerability
• 2004-12-23 kpdf Buffer Overflow Vulnerability
• 2004-12-20 Konqueror Java Vulnerability
• 2004-12-13 Konqueror Window Injection Vulnerability
• 2004-12-09 kfax libtiff vulnerabilities
• 2004-12-09 plain text password exposure
• 2004-10-30 KOffice PDF importer integer overflow vulnerability
• 2004-10-21 multiple kpdf integer overflows
• 2004-08-23 Konqueror Cross-Domain Cookie Injection
• 2004-08-11 Temporary Directory Vulnerability
• 2004-08-11 DCOPServer Temporary Filename Vulnerability
• 2004-08-11 Konqueror Frame Injection Vulnerability
• 2004-05-17 URI Handler Vulnerabilities
• 2004-01-14 VCF file information reader vulnerability
• 2003-09-16 KDM local root / weak session cookie generation
• 2003-07-29 Konqueror HTTP Authentication credential leak
• 2003-06-02 KDE 2.2 / Konqueror Embedded SSL vulnerability
• 2003-04-09 PS/PDF file handling vulnerability
• 2002-12-20 Multiple KDE vulnerabilities
• 2002-11-11 resLISa / LISa Vulnerabilities
• 2002-11-11 rlogin.protocol and telnet.protocol URL KIO Vulnerability
• 2002-10-08 kpf Directory traversal
• 2002-10-08 KGhostview Arbitrary Code Execution
• 2002-09-08 Konqueror Cross Site Scripting Vulnerability
• 2002-09-08 Secure Cookie Vulnerability
• 2002-08-18 Konqueror SSL vulnerability
• 1998-11-18 KDE Screensaver Vulnerability