Lucene search

PRIOn knowledge basePRION:CVE-2007-4137

HistorySep 18, 2007 - 7:17 p.m.

Heap overflow

2007-09-1819:17:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.7%

JSON

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

CPENameOperatorVersion
qteq3.0
qteq3.0.3
qteq3.0.5
qteq3.1
qteq3.1.1
qteq3.1.2
qteq3.2.1
qteq3.2.3
qteq3.3.0
qteq3.3.1

Name	Operator	Version
qt	eq	3.0
qt	eq	3.0.3
qt	eq	3.0.5
qt	eq	3.1
qt	eq	3.1.1
qt	eq	3.1.2
qt	eq	3.2.1
qt	eq	3.2.3
qt	eq	3.3.0
qt	eq	3.3.1

Rows per page:

1-10 of 231

References

ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc

bugs.gentoo.org/show_bug.cgi?id=192472

dist.trolltech.com/developer/download/175791_3.diff

dist.trolltech.com/developer/download/175791_4.diff

fedoranews.org/updates/FEDORA-2007-221.shtml

fedoranews.org/updates/FEDORA-2007-703.shtml

osvdb.org/39384

secunia.com/advisories/26778

secunia.com/advisories/26782

secunia.com/advisories/26804

secunia.com/advisories/26811

secunia.com/advisories/26857

secunia.com/advisories/26868

secunia.com/advisories/26882

secunia.com/advisories/26987

secunia.com/advisories/27053

secunia.com/advisories/27275

secunia.com/advisories/27382

secunia.com/advisories/27996

secunia.com/advisories/28021

security.gentoo.org/glsa/glsa-200710-28.xml

security.gentoo.org/glsa/glsa-200712-08.xml

securitytracker.com/id?1018688

support.avaya.com/elmodocs2/security/ASA-2007-424.htm

trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119

www.debian.org/security/2007/dsa-1426

www.mandriva.com/security/advisories?name=MDKSA-2007:183

www.novell.com/linux/security/advisories/2007_19_sr.html

www.redhat.com/support/errata/RHSA-2007-0883.html

www.securityfocus.com/archive/1/481498/100/0/threaded

www.securityfocus.com/bid/25657

www.ubuntu.com/usn/usn-513-1

www.vupen.com/english/advisories/2007/3144

bugzilla.redhat.com/show_bug.cgi?id=269001

issues.rpath.com/browse/RPL-1751

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11159

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.7%

JSON

Related for PRION:CVE-2007-4137