KdeCVEs & Vulnerabilities

195 CVEs affecting Kde products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

kde 468konqueror 201kde sc 160kdelibs 76koffice 57k-mail 37kpdf 15kdegraphics 10
CVE-2007-1565HIGH

Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.

21 Mar 2007
7.8
CVSS
CVE-2007-1564MEDIUMpoc

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

21 Mar 2007
6.8
CVSS
CVE-2006-7139LOWpoc

Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.

7 Mar 2007
2.6
CVSS
CVE-2007-1308MEDIUMpoc

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

7 Mar 2007
4.3
CVSS
CVE-2007-1265HIGH

KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

6 Mar 2007
7.8
CVSS
CVE-2007-0537LOW

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

29 Jan 2007
2.6
CVSS
CVE-2007-0104MEDIUM

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

9 Jan 2007
6.8
CVSS
CVE-2006-6811MEDIUMpoc

KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.

29 Dec 2006
6.5
CVSS
CVE-2006-6660MEDIUMpoc

The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.

21 Dec 2006
4.3
CVSS
CVE-2006-6297MEDIUM

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

5 Dec 2006
5.0
CVSS
CVE-2006-6120MEDIUM

Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.

3 Dec 2006
6.8
CVSS
CVE-2006-3742CRITICAL

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.

6 Sep 2006
10.0
CVSS
CVE-2006-2933MEDIUM

kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.

28 Jul 2006
4.6
CVSS
CVE-2006-3672LOWpoc

KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.

18 Jul 2006
2.6
CVSS
CVE-2006-2449MEDIUM

KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.

15 Jun 2006
4.0
CVSS
CVE-2006-2916HIGH

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

15 Jun 2006
7.8
CVSS
CVE-2006-0019HIGH

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.

20 Jan 2006
7.5
CVSS
CVE-2005-3624MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

31 Dec 2005
5.0
CVSS
CVE-2005-3625CRITICAL

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

31 Dec 2005
10.0
CVSS
CVE-2005-3626MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

31 Dec 2005
5.0
CVSS
CVE-2005-4684MEDIUM

Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

31 Dec 2005
6.4
CVSS
CVE-2005-2971HIGH

Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.

20 Oct 2005
7.5
CVSS
CVE-2005-2494HIGH

kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.

7 Sep 2005
7.2
CVSS
CVE-2005-2101MEDIUM

langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.

17 Aug 2005
5.0
CVSS
CVE-2005-2097LOW

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

16 Aug 2005
2.1
CVSS
CVE-2005-1852HIGH

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.

26 Jul 2005
7.5
CVSS
CVE-2005-1920HIGH

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

26 Jul 2005
7.5
CVSS
CVE-2005-0011CRITICAL

Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.

2 May 2005
10.0
CVSS
CVE-2005-0078MEDIUM

The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

2 May 2005
4.6
CVSS
CVE-2005-0205MEDIUM

KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.

2 May 2005
4.6
CVSS
CVE-2005-0237MEDIUM

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

2 May 2005
5.0
CVSS
CVE-2005-0365LOW

The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

2 May 2005
2.1
CVSS
CVE-2005-0396LOW

Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."

2 May 2005
2.1
CVSS
CVE-2005-1046HIGH

Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.

2 May 2005
7.5
CVSS
CVE-2005-0404MEDIUMpoc

KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.

2 May 2005
5.0
CVSS
CVE-2005-0206HIGH

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

27 Apr 2005
7.5
CVSS
CVE-2005-0754HIGH

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

22 Apr 2005
7.5
CVSS
CVE-2004-0886MEDIUM

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

27 Jan 2005
5.0
CVSS
CVE-2004-0888CRITICAL

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

27 Jan 2005
10.0
CVSS
CVE-2004-0889CRITICAL

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

27 Jan 2005
10.0
CVSS
CVE-2004-1125CRITICAL

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

10 Jan 2005
9.3
CVSS
CVE-2004-1158HIGH

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

10 Jan 2005
7.5
CVSS
CVE-2004-1171LOW

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

10 Jan 2005
2.1
CVSS
CVE-2004-1165HIGHpoc

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

10 Jan 2005
7.5
CVSS
CVE-2004-1491MEDIUMpoc

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

31 Dec 2004
5.0
CVSS
CVE-2004-0803HIGH

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

23 Dec 2004
7.5
CVSS
CVE-2004-0867HIGH

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

23 Dec 2004
7.5
CVSS
CVE-2004-0746HIGH

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

20 Oct 2004
7.5
CVSS