CVE-2007-4137 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-4137
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4137

Description: Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-513-1 SUSE http://www.novell.com/linux/security/advisories/2007_19_sr.html ST 1018688 SGI SAID Secunia Advisory: SA26811 Secunia Advisory: SA26782 Secunia Advisory: SA26778 Secunia Advisory: SA26857 Secunia Advisory: SA26804 Secunia Advisory: SA26868 Secunia Advisory: SA26882 Secunia Advisory: SA27053 Secunia Advisory: SA26987 Secunia Advisory: SA27275 Secunia Advisory: SA27382 Secunia Advisory: SA27996 Secunia Advisory: SA28021 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0883.html MISC http://dist.trolltech.com/developer/download/175791_3.diff http://dist.trolltech.com/developer/download/175791_4.diff MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:183 GENTOO http://security.gentoo.org/glsa/glsa-200712-08.xml http://security.gentoo.org/glsa/glsa-200710-28.xml FEDORA http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml DEBIAN http://www.debian.org/security/2007/dsa-1426 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm http://bugs.gentoo.org/show_bug.cgi?id=192472 http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/481498/100/0/threaded BID 25657

Return to the previous page.