Source: okular Version: 4:26.04.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi >From https://kde.org/info/security/advisory-20260511-2.txt ============================= Title: Okular: heap out-of-bounds read in fax backend FAXMAGIC comparison Risk Rating: High CVE: PENDING Versions: Okular <= 26.04.0 Author: George Karagiannidis Date: 11 May 2026 Overview ======== Okular is a universal document viewer. The fax backend in generators/fax/faxdocument.cpp compares the input buffer against the FAXMAGIC signature without first ensuring that the allocated buffer is large enough for the full comparison, resulting in a heap out-of-bounds read. Impact ====== Opening a short crafted fax file triggers a heap out-of-bounds read in the fax parser. The comparison result against a fixed signature can leak information about adjacent heap content, which may assist an attacker in bypassing ASLR when chained with other vulnerabilities. Workaround ========== Do not open untrusted .g3 or .g4 fax files in vulnerable Okular builds. Solution ======== Update Okular >= 26.04.1 or apply https://commits.kde.org/okular/e5f088674223019fafac26800a2ae0c0d6afc85b Credits ======= Thanks to George Karagiannidis from TwelveSec for reporting this issue. Regards, Salvatore
