Posted by Portcullis Advisories on Nov 19

Vulnerability title: Insufficient Input Validation By IO Slaves In KDE e.V. KDE
CVE: CVE-2014-8600
Vendor: KDE e.V.
Product: KDE
Affected version: kwebkitpart <= 1.3.4, kde-runtime <= 4.14.3, kio-extras <= 5.1.1
Fixed version: Contact distribution vendor
Reported by: T. Brown and D. Burton
Details:

Whilst investigating how KDE handles custom protocols, it was discovered that a number of the protocol handlers
(referred to as IO slaves)…