Lucene search

[email protected]NVD:CVE-2007-4137

HistorySep 18, 2007 - 7:17 p.m.

CVE-2007-4137

2007-09-1819:17:00

CWE-119

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.5%

JSON

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Affected configurations

NVD

Node

conectivalinuxMatch9.0

conectivalinuxMatch10.0

gentoolinux

mandrakesoftmandrake_linuxMatch9.2

mandrakesoftmandrake_linuxMatch9.2amd64

mandrakesoftmandrake_linuxMatch10.0

mandrakesoftmandrake_linuxMatch10.0amd64

mandrakesoftmandrake_linuxMatch2007

mandrakesoftmandrake_linuxMatch2007x86_64

mandrakesoftmandrake_linuxMatch2007.1

mandrakesoftmandrake_linuxMatch2007.1x86_64

mandrakesoftmandrake_linux_corporate_serverMatch3.0

mandrakesoftmandrake_linux_corporate_serverMatch3.0x86_64

mandrakesoftmandrake_linux_corporate_serverMatch4.0

mandrakesoftmandrake_linux_corporate_serverMatch4.0x86_64

redhatenterprise_linuxMatch2.1as

redhatenterprise_linuxMatch2.1aw

redhatenterprise_linuxMatch2.1es

redhatenterprise_linuxMatch3.0as

redhatenterprise_linuxMatch3.0es

redhatenterprise_linuxMatch3.0ws

redhatenterprise_linuxMatch4.0as

redhatenterprise_linuxMatch4.0es

redhatenterprise_linuxMatch4.0ws

redhatenterprise_linuxMatch5.0client

redhatenterprise_linuxMatch5.0client_workstation

redhatenterprise_linuxMatch5.0server

redhatlinuxMatch2.1aw_itanium

redhatlinuxMatch3.0

redhatlinuxMatch4.0

ubuntuubuntu_linuxMatch6.06_ltsamd64

ubuntuubuntu_linuxMatch6.06_ltsi386

ubuntuubuntu_linuxMatch6.06_ltspowerpc

ubuntuubuntu_linuxMatch6.06_ltssparc

ubuntuubuntu_linuxMatch6.10amd64

ubuntuubuntu_linuxMatch6.10i386

ubuntuubuntu_linuxMatch6.10powerpc

ubuntuubuntu_linuxMatch6.10sparc

ubuntuubuntu_linuxMatch7.04amd64

ubuntuubuntu_linuxMatch7.04i386

ubuntuubuntu_linuxMatch7.04powerpc

ubuntuubuntu_linuxMatch7.04sparc

AND

trolltechqtMatch3.0

trolltechqtMatch3.0.3

trolltechqtMatch3.0.5

trolltechqtMatch3.1

trolltechqtMatch3.1.1

trolltechqtMatch3.1.2

trolltechqtMatch3.2.1

trolltechqtMatch3.2.3

trolltechqtMatch3.3.0

trolltechqtMatch3.3.1

trolltechqtMatch3.3.2

trolltechqtMatch3.3.3

trolltechqtMatch3.3.4

trolltechqtMatch3.3.5

trolltechqtMatch3.3.6

trolltechqtMatch3.3.7

trolltechqtMatch3.3.8

trolltechqtMatch4.1

trolltechqtMatch4.1.4

trolltechqtMatch4.1.5

trolltechqtMatch4.2

trolltechqtMatch4.2.1

trolltechqtMatch4.2.3

References

ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc

bugs.gentoo.org/show_bug.cgi?id=192472

dist.trolltech.com/developer/download/175791_3.diff

dist.trolltech.com/developer/download/175791_4.diff

fedoranews.org/updates/FEDORA-2007-221.shtml

fedoranews.org/updates/FEDORA-2007-703.shtml

osvdb.org/39384

secunia.com/advisories/26778

secunia.com/advisories/26782

secunia.com/advisories/26804

secunia.com/advisories/26811

secunia.com/advisories/26857

secunia.com/advisories/26868

secunia.com/advisories/26882

secunia.com/advisories/26987

secunia.com/advisories/27053

secunia.com/advisories/27275

secunia.com/advisories/27382

secunia.com/advisories/27996

secunia.com/advisories/28021

security.gentoo.org/glsa/glsa-200710-28.xml

security.gentoo.org/glsa/glsa-200712-08.xml

securitytracker.com/id?1018688

support.avaya.com/elmodocs2/security/ASA-2007-424.htm

trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119

www.debian.org/security/2007/dsa-1426

www.mandriva.com/security/advisories?name=MDKSA-2007:183

www.novell.com/linux/security/advisories/2007_19_sr.html

www.redhat.com/support/errata/RHSA-2007-0883.html

www.securityfocus.com/archive/1/481498/100/0/threaded

www.securityfocus.com/bid/25657

www.ubuntu.com/usn/usn-513-1

www.vupen.com/english/advisories/2007/3144

bugzilla.redhat.com/show_bug.cgi?id=269001

issues.rpath.com/browse/RPL-1751

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11159

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for NVD:CVE-2007-4137

nessus13 openvas15 debiancve1 veracode1 ubuntu1 cve1 securityvulns2 ubuntucve1 prion1 cvelist1 gentoo1 fedora2 oraclelinux1 centos2 debian1 osv1 redhat1