Lucene search

K
osvGoogleOSV:DSA-1426-1
HistoryDec 08, 2007 - 12:00 a.m.

qt-x11-free - several vulnerabilities

2007-12-0800:00:00
Google
osv.dev
10

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Several local/remote vulnerabilities have been discovered in the Qt GUI
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2007-3388
    Tim Brown and Dirk MĂźller discovered several format string
    vulnerabilities in the handling of error messages, which might lead
    to the execution of arbitrary code.
  • CVE-2007-4137
    Dirk MĂźller discovered an off-by-one buffer overflow in the Unicode
    handling, which might lead to the execution of arbitrary code.

For the old stable distribution (sarge), these problems have been fixed
in version 3:3.3.4-3sarge3. Packages for m68k will be provided later.

For the stable distribution (etch), these problems have been fixed in
version 3:3.3.7-4etch1.

For the unstable distribution (sid), these problems have been fixed in
version 3:3.3.7-8.

We recommend that you upgrade your qt-x11-free packages.

CPENameOperatorVersion
qt-x11-freeeq3:3.3.7-4

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P