Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-4137

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Published

2007-09-18T19:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	conectiva	linux	9.0	No
Operating System	conectiva	linux	10.0	No
Operating System	gentoo	linux	*	No
Operating System	mandrakesoft	mandrake_linux	9.2	No
Operating System	mandrakesoft	mandrake_linux	9.2	No
Operating System	mandrakesoft	mandrake_linux	10.0	No
Operating System	mandrakesoft	mandrake_linux	10.0	No
Operating System	mandrakesoft	mandrake_linux	2007	No
Operating System	mandrakesoft	mandrake_linux	2007	No
Operating System	mandrakesoft	mandrake_linux	2007.1	No
Operating System	mandrakesoft	mandrake_linux	2007.1	No
Operating System	mandrakesoft	mandrake_linux_corporate_server	3.0	No
Operating System	mandrakesoft	mandrake_linux_corporate_server	3.0	No
Operating System	mandrakesoft	mandrake_linux_corporate_server	4.0	No
Operating System	mandrakesoft	mandrake_linux_corporate_server	4.0	No
Operating System	redhat	enterprise_linux	2.1	No
Operating System	redhat	enterprise_linux	2.1	No
Operating System	redhat	enterprise_linux	2.1	No
Operating System	redhat	enterprise_linux	3.0	No
Operating System	redhat	enterprise_linux	3.0	No
Operating System	redhat	enterprise_linux	3.0	No
Operating System	redhat	enterprise_linux	4.0	No
Operating System	redhat	enterprise_linux	4.0	No
Operating System	redhat	enterprise_linux	4.0	No
Operating System	redhat	enterprise_linux	5.0	No
Operating System	redhat	enterprise_linux	5.0	No
Operating System	redhat	enterprise_linux	5.0	No
Operating System	redhat	linux	2.1	No
Operating System	redhat	linux	3.0	No
Operating System	redhat	linux	4.0	No
Operating System	ubuntu	ubuntu_linux	6.06_lts	No
Operating System	ubuntu	ubuntu_linux	6.06_lts	No
Operating System	ubuntu	ubuntu_linux	6.06_lts	No
Operating System	ubuntu	ubuntu_linux	6.06_lts	No
Operating System	ubuntu	ubuntu_linux	6.10	No
Operating System	ubuntu	ubuntu_linux	6.10	No
Operating System	ubuntu	ubuntu_linux	6.10	No
Operating System	ubuntu	ubuntu_linux	6.10	No
Operating System	ubuntu	ubuntu_linux	7.04	No
Operating System	ubuntu	ubuntu_linux	7.04	No
Operating System	ubuntu	ubuntu_linux	7.04	No
Operating System	ubuntu	ubuntu_linux	7.04	No
Application	trolltech	qt	3.0	Yes
Application	trolltech	qt	3.0.3	Yes
Application	trolltech	qt	3.0.5	Yes
Application	trolltech	qt	3.1	Yes
Application	trolltech	qt	3.1.1	Yes
Application	trolltech	qt	3.1.2	Yes
Application	trolltech	qt	3.2.1	Yes
Application	trolltech	qt	3.2.3	Yes
Application	trolltech	qt	3.3.0	Yes
Application	trolltech	qt	3.3.1	Yes
Application	trolltech	qt	3.3.2	Yes
Application	trolltech	qt	3.3.3	Yes
Application	trolltech	qt	3.3.4	Yes
Application	trolltech	qt	3.3.5	Yes
Application	trolltech	qt	3.3.6	Yes
Application	trolltech	qt	3.3.7	Yes
Application	trolltech	qt	3.3.8	Yes
Application	trolltech	qt	4.1	Yes
Application	trolltech	qt	4.1.4	Yes
Application	trolltech	qt	4.1.5	Yes
Application	trolltech	qt	4.2	Yes
Application	trolltech	qt	4.2.1	Yes
Application	trolltech	qt	4.2.3	Yes

References

ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=192472 ([email protected])
http://dist.trolltech.com/developer/download/175791_3.diff ([email protected])
http://dist.trolltech.com/developer/download/175791_4.diff ([email protected])
http://fedoranews.org/updates/FEDORA-2007-221.shtml ([email protected])
http://fedoranews.org/updates/FEDORA-2007-703.shtml ([email protected])
http://osvdb.org/39384 ([email protected])
http://secunia.com/advisories/26778 Vendor Advisory ([email protected])
http://secunia.com/advisories/26782 Vendor Advisory ([email protected])
http://secunia.com/advisories/26804 ([email protected])
http://secunia.com/advisories/26811 Vendor Advisory ([email protected])
http://secunia.com/advisories/26857 ([email protected])
http://secunia.com/advisories/26868 ([email protected])
http://secunia.com/advisories/26882 ([email protected])
http://secunia.com/advisories/26987 ([email protected])
http://secunia.com/advisories/27053 ([email protected])
http://secunia.com/advisories/27275 ([email protected])
http://secunia.com/advisories/27382 ([email protected])
http://secunia.com/advisories/27996 ([email protected])
http://secunia.com/advisories/28021 ([email protected])
http://security.gentoo.org/glsa/glsa-200710-28.xml ([email protected])
http://security.gentoo.org/glsa/glsa-200712-08.xml ([email protected])
http://securitytracker.com/id?1018688 ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm ([email protected])
http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119 ([email protected])
http://www.debian.org/security/2007/dsa-1426 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:183 ([email protected])
http://www.novell.com/linux/security/advisories/2007_19_sr.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0883.html ([email protected])
http://www.securityfocus.com/archive/1/481498/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/25657 ([email protected])
http://www.ubuntu.com/usn/usn-513-1 ([email protected])
http://www.vupen.com/english/advisories/2007/3144 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=269001 ([email protected])
https://issues.rpath.com/browse/RPL-1751 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11159 ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.gentoo.org/show_bug.cgi?id=192472 (af854a3a-2127-422b-91ae-364da2661108)
http://dist.trolltech.com/developer/download/175791_3.diff (af854a3a-2127-422b-91ae-364da2661108)
http://dist.trolltech.com/developer/download/175791_4.diff (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/updates/FEDORA-2007-221.shtml (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/updates/FEDORA-2007-703.shtml (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/39384 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26778 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26782 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26804 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26811 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26857 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26868 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26882 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26987 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27053 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27275 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27382 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27996 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28021 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200710-28.xml (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200712-08.xml (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1018688 (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm (af854a3a-2127-422b-91ae-364da2661108)
http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1426 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:183 (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_19_sr.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0883.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/481498/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25657 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-513-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3144 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=269001 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1751 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11159 (af854a3a-2127-422b-91ae-364da2661108)