Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kde | Kde | 3.2 (including) | 3.2 (including) |
| Kde | Kde | 3.2.0 (including) | 3.2.0 (including) |
| Kde | Kde | 3.2.0_beta1 (including) | 3.2.0_beta1 (including) |
| Kde | Kde | 3.2.1 (including) | 3.2.1 (including) |
| Kde | Kde | 3.2.2 (including) | 3.2.2 (including) |
| Kde | Kde | 3.2.3 (including) | 3.2.3 (including) |
| Kde | Kde | 3.2.x (including) | 3.2.x (including) |
| Kde | Kde | 3.3 (including) | 3.3 (including) |
| Kde | Kde | 3.3.0 (including) | 3.3.0 (including) |
| Kde | Kde | 3.3.1 (including) | 3.3.1 (including) |
| Kde | Kde | 3.3.2 (including) | 3.3.2 (including) |
| Kde | Kde | 3.3.x (including) | 3.3.x (including) |
| Kde | Kde | 3.4 (including) | 3.4 (including) |
| Kde | Kde | 3.4.0 (including) | 3.4.0 (including) |
| Kde | Kde | 3.4.1 (including) | 3.4.1 (including) |
| Kde | Kde | 3.4.2 (including) | 3.4.2 (including) |
| Kde | Kde | 3.5.0 (including) | 3.5.0 (including) |
| Kdelibs | Ubuntu | dapper | * |
| Kdelibs | Ubuntu | devel | * |
| Kdelibs | Ubuntu | edgy | * |
| Kdelibs | Ubuntu | feisty | * |
| Red Hat Enterprise Linux 4 | RedHat | kdelibs-6:3.3.1-3.14 | * |