Source: okular
Version: 4:26.04.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi 

From https://kde.org/info/security/advisory-20260511-3.txt

KDE Project Security Advisory
=============================

Title:          Okular: heap out-of-bounds read in fax backend Ghostscript header handling
Risk Rating:    Medium
CVE:            PENDING
Versions:       Okular <= 26.04.0
Author:         George Karagiannidis
Date:           11 May 2026

Overview
========

Okular is a universal document viewer. The fax backend in
generators/fax/faxdocument.cpp contains special handling for Ghostscript /
PC Research fax headers. After matching the FAXMAGIC signature, the code
unconditionally reads a byte at a fixed offset without verifying that the
input buffer is large enough.

Impact
======

Opening a crafted fax file triggers a heap out-of-bounds read in the fax
parser. The leaked byte is stored in an internal field and may assist an
attacker in chaining this issue with other vulnerabilities to bypass ASLR.

Workaround
==========

Do not open untrusted .g3 or .g4 fax files in vulnerable Okular builds.

Solution
========

Update Okular >= 26.04.1 or apply
https://commits.kde.org/okular/e5f088674223019fafac26800a2ae0c0d6afc85b

Credits
=======

Thanks to George Karagiannidis from TwelveSec for reporting this issue.

Regards,
Salvatore
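
The bug class from the Overview (signature match followed by an unchecked fixed-offset read) shown next to a length-checked form, as an added example that is not part of the report, the advisory, or Okular's source. The signature bytes, the offset 29 and all names are constructed placeholders, not the real FAXMAGIC value or the offset used in faxdocument.cpp.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed placeholders, NOT Okular's real signature bytes or offset.
static const unsigned char kDemoMagic[] = {'D', 'E', 'M', 'O', 'F', 'A', 'X', 0};
constexpr std::size_t kFieldOffset = 29; // hypothetical fixed offset of the header byte

enum class Header { Absent, Truncated, Parsed };

struct ParseResult {
    Header status;
    std::uint8_t field; // meaningful only when status == Header::Parsed
};

// Pattern the advisory describes: the signature has matched, then a byte is
// read at a fixed offset with no check that the buffer reaches that offset.
// Kept for comparison only; never call it on untrusted input.
inline std::uint8_t readFieldUnchecked(const unsigned char *data)
{
    return data[kFieldOffset]; // out of bounds when the input is shorter than 30 bytes
}

// Hardened form: every read is preceded by a length check against the buffer,
// including the signature comparison itself.
ParseResult parseHeaderChecked(const unsigned char *data, std::size_t size)
{
    if (data == nullptr || size < sizeof(kDemoMagic)
        || std::memcmp(data, kDemoMagic, sizeof(kDemoMagic)) != 0) {
        return {Header::Absent, 0};
    }
    if (size <= kFieldOffset) {
        return {Header::Truncated, 0}; // signature present but header cut short: reject
    }
    return {Header::Parsed, data[kFieldOffset]};
}

// Constructed sample input: the signature followed by `extra` bytes of `fill`.
std::vector<unsigned char> makeSample(std::size_t extra, unsigned char fill)
{
    std::vector<unsigned char> buf(kDemoMagic, kDemoMagic + sizeof(kDemoMagic));
    buf.insert(buf.end(), extra, fill);
    return buf;
}
```

A file that carries the signature but ends before the fixed offset is reported as truncated and rejected instead of being parsed.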
