An integer overflow flaw that could lead to a heap-based buffer overflow was found in Okular by Secunia. If a user were to open a malicious PDF or PostScript file, it could cause Okular to crash or, potentially, lead to the execution of arbitrary code with the privileges of the user running Okular.
This issue has been assigned the name CVE-2010-2575 and only affects KDE4.
Created attachment 440676
patch from upstream to correct the issue
This patch applies to 4.3, 4.4, and 4.5.
This is now public:
Created kdegraphics tracking bugs for this issue
Affects: fedora-all [bug 627289]
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.