
KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200404-02 / kde-base/kde
Release Date: April 06, 2004
Latest Revision: April 06, 2004: 01
Impact: high
Exploitable: remote

Package        Vulnerable versions   Unaffected versions   Architecture(s)
kde-base/kde   <= 3.1.4              >= 3.1.5              All supported architectures

Related bugreports: #38256


KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system.

2.  Impact Information


KDE-PIM is an application suite designed to manage mail, addresses, appointments, and contacts.


A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system.


A remote attacker may gain unauthorized access to a user's personal data or execute commands with the user's privileges.

3.  Resolution Information


A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.


KDE users should upgrade to version 3.1.5 or later:

Code Listing 3.1: Resolution

# emerge sync

# emerge -pv ">=kde-base/kde-3.1.5"
# emerge ">=kde-base/kde-3.1.5"
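
To confirm which hosts still need the upgrade, the following added example (not part of the original advisory) compares installed kde-base/kde versions against the ranges in the version table. The function names are hypothetical, and the script assumes Portage records installed packages under /var/db/pkg.

```shell
#!/bin/sh
# Added example (not from the advisory): flag installed kde-base/kde versions
# in the vulnerable range given above (<= 3.1.4; fixed in >= 3.1.5).

# is_vulnerable VERSION -> 0 vulnerable, 1 not affected, 2 not parseable
is_vulnerable() {
    v=${1%-r[0-9]*}                     # drop a Portage revision such as -r1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;   # e.g. _rc1 suffix: check by hand
    esac
    old_ifs=$IFS; IFS=.
    set -- $v                           # split into numeric components
    IFS=$old_ifs
    for fixed in 3 1 5; do              # first unaffected version: 3.1.5
        have=${1:-0}
        [ $# -gt 0 ] && shift
        [ "$have" -lt "$fixed" ] && return 0
        [ "$have" -gt "$fixed" ] && return 1
    done
    return 1                            # 3.1.5 itself (or 3.1.5.x)
}

# check_installed [DBROOT]: print a verdict per installed kde-base/kde.
# DBROOT defaults to /var/db/pkg (assumed Portage installed-package database).
# Returns 1 if any version is vulnerable or could not be parsed.
check_installed() {
    root=${1:-/var/db/pkg}; status=0
    for d in "$root"/kde-base/kde-[0-9]*; do   # skips kde-i18n and similar
        [ -d "$d" ] || continue
        ver=${d##*/kde-}
        rc=0; is_vulnerable "$ver" || rc=$?
        case $rc in
            0) echo "kde-base/kde-$ver: VULNERABLE (GLSA 200404-02)"; status=1 ;;
            1) echo "kde-base/kde-$ver: not affected" ;;
            *) echo "kde-base/kde-$ver: version not parsed, check manually"
               status=1 ;;
        esac
    done
    return $status
}

# Run against the live database only where one exists.
if [ -d /var/db/pkg/kde-base ]; then check_installed; fi
```

Versions carrying suffixes such as _rc1 are reported as unparsed rather than guessed at, so they surface for manual review.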

4.  References


Page updated April 06, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team