From Secunia:
Description:
Two vulnerabilities have been reported in KTorrent, one of which has an unknown impact, and the other can be exploited by malicious people to overwrite arbitrary files on a user’s system.
1) The vulnerability is caused due to an unspecified error when processing messages with invalid chunk indexes.
2) An input validation error when processing paths of filenames within torrents can be exploited to e.g. overwrite arbitrary files with the privileges of the user running the application via directory traversal attacks.
[tags]KTorrent, Vulnerabilities, Patch, Peer to Peer[/tags]
