An integer overflow flaw that could lead to a heap-based buffer overflow was found in Okular by Secunia. If a user were to open a malicious PDF or PostScript file, it could cause Okular to crash or, potentially, lead to the execution of arbitrary code with the privileges of the user running Okular. This issue has been assigned the name CVE-2010-2575 and only affects KDE4.
Created attachment 440676: patch from upstream to correct the issue. This patch applies to 4.3, 4.4, and 4.5.
This is now public: http://kde.org/info/security/advisory-20100825-1.txt
Created kdegraphics tracking bugs for this issue. Affects: fedora-all [bug 627289]