A vulnerability has been discovered in Qt, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerability is caused due to the "QTextEngine::LayoutData::reallocate()" function in src/gui/text/qtextengine.cpp not properly checking the return value of a memory reallocation, which can be exploited to cause a memory corruption by e.g. visiting a specially crafted website in an application the QtWebKit component.
Note: Successful exploitation may require that Qt has been compiled with the QT_NO_EXCEPTIONS (-no-exceptions) setting.
Solution: Update to version 4.7.2 or later.
Provided and/or discovered by: Originally reported as a Denial of Service in Arora by D4rk357.
Additional information provided by Secunia Research.
Original Advisory: D4rk357:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org