Source: okular Version: 4:26.04.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi >From https://kde.org/info/security/advisory-20260511-1.txt: KDE Project Security Advisory ============================= Title: Okular: heap out-of-bounds write in fax backend on zero-length input Risk Rating: High CVE: PENDING Versions: Okular <= 26.04.0 Author: George Karagiannidis Date: 11 May 2026 Overview ======== Okular is a universal document viewer. The fax backend in generators/fax/faxdocument.cpp does not validate zero-length input before writing two sentinel values into a freshly allocated heap buffer, resulting in a heap out-of-bounds write before the start of the allocation. Impact ====== Opening a crafted fax file triggers a heap out-of-bounds write in the fax parser. This may lead to memory corruption depending on allocator behavior and heap layout. Workaround ========== Do not open untrusted .g3 or .g4 fax files in vulnerable Okular builds. Solution ======== Update Okular >= 26.04.1 or apply https://commits.kde.org/okular/466786c354d890e39a3871f80ed686958d2513a2 Credits ======= Thanks to George Karagiannidis from TwelveSec for reporting this issue. Regards, Salvatore
