KDE struck by major security flaw

By Derek Sooman on
Users of the popular KDE environment for Linux will be unhappy to hear that Linux vendors are warning of a serious security flaw affecting the software. The bug is the most serious to hit KDE in almost a year and lies in kjs, a JavaScript interpreter used by the Konqueror web browser and other parts of KDE. Apparently, an incorrect bounds check in the interpreter allows a heap-based buffer overflow when it decodes maliciously crafted UTF-8 encoded URI sequences. An attacker could use this to crash programs that use kjs, such as Konqueror. Exploits that execute malicious code are also possible.

Security vendor Secunia, which maintains a vulnerabilities database, said the flaw was "highly critical".
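
The bug class described above, shown from the defensive side in an added example that is not kjs source and not taken from any advisory: a C decoder for percent-encoded UTF-8 that checks the remaining input before reading each %XX octet and the remaining output before each write. The function names and the UTF-16 output format are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
static int hexval(char c) {                 /* hex digit value, or -1 */
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                              /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Read one "%XX" octet at in[*i]; the length check runs before any byte is read. */
static int read_octet(const char *in, size_t len, size_t *i) {
    if (len - *i < 3 || in[*i] != '%') return -1;
    int hi = hexval(in[*i + 1]), lo = hexval(in[*i + 2]);
    if (hi < 0 || lo < 0) return -1;
    *i += 3;
    return (hi << 4) | lo;
}

/* Illustrative (assumed names, not kjs code). Returns UTF-16 units written, or -1 on bad input or a full buffer. */
long uri_decode_utf16(const char *in, size_t len, uint16_t *out, size_t cap) {
    size_t i = 0, n = 0;
    while (i < len) {
        uint32_t cp = 0, min = 0, extra = 0;
        if (in[i] != '%') {
            cp = (unsigned char)in[i++];
            if (cp > 0x7F) return -1;       /* raw non-ASCII byte */
        } else {
            int b = read_octet(in, len, &i);
            if (b < 0) return -1;
            if (b < 0x80) cp = (uint32_t)b;
            else if ((b & 0xE0) == 0xC0) { extra = 1; cp = b & 0x1F; min = 0x80; }
            else if ((b & 0xF0) == 0xE0) { extra = 2; cp = b & 0x0F; min = 0x800; }
            else if ((b & 0xF8) == 0xF0) { extra = 3; cp = b & 0x07; min = 0x10000; }
            else return -1;                 /* stray continuation or invalid lead byte */
            for (; extra > 0; extra--) {    /* each continuation octet is bounds-checked too */
                int c = read_octet(in, len, &i);
                if (c < 0 || (c & 0xC0) != 0x80) return -1;
                cp = (cp << 6) | (uint32_t)(c & 0x3F);
            }
            if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
        }
        if (cap - n < (cp > 0xFFFF ? 2u : 1u)) return -1;   /* room checked before writing */
        if (cp > 0xFFFF) {                  /* needs a surrogate pair: two units */
            out[n++] = (uint16_t)(0xD800 + ((cp - 0x10000) >> 10));
            cp = 0xDC00 + ((cp - 0x10000) & 0x3FF);
        }
        out[n++] = (uint16_t)cp;
    }
    return (long)n;
}
```

A truncated multi-byte sequence, an overlong encoding, or a code point that needs two output units when only one is free is rejected instead of being read or written past the end of a buffer.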
