From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020916 Description of problem: KGhostview includes a DSC 3.0 parser from GSview, which is vulnerable to a buffer overflow while parsing a specially crafted .ps input file. It also contains code from gv 3.5.x which is vulnerable to another buffer overflow triggered by malformed postscript or Adobe pdf files. Version-Release number of selected component (if applicable): How reproducible: Didn't try Steps to Reproduce: Viewing certain Postscript or PDF files can result in the execution of arbitary code placed in the file and as a result opens possibilities for any remote manipulation under the local user account. Additional info: KGhostView of any KDE release between KDE 1.1 and KDE 3.0.3a
It's fixed in 3.0.3-0.7.2. We will release it as errata soon