Red Hat Bugzilla – Bug 113007
CAN-2003-0988 kdepim VCF parsing vulnerability
Last modified: 2007-11-30 17:07:00 EST
The KDE team found a buffer overflow in the file information reader of
VCF files. An attacker could construct a VCF file so that when it was
opened by a victim it would execute arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2003-0988 to this issue.
CAN-2003-0988 Affects: 3AS 3ES 3WS
Note the kdepim packages in RHEL 2.1 are not affected by this issue.
RHSA-2004:005 will provide updated packages with a backported security
This issue is under embargo and will be opened on January 14th 2004.
Fixed, see http://rhn.redhat.com/errata/RHSA-2004-005.html