remote code execution in qt3

2007-08-0117:05:03

lists.opensuse.org

0.156 Low

EPSS

Percentile

95.3%

JSON

Format string bugs were found in several Qt warning messages. Applications using Qt for processing certain data types could trigger them if the data caused Qt to print warnings. The bugs potentially allow to execute arbitrary code via specially crafted files (CVE-2007-3388).

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
openSUSE10.1x86_64qt3-devel< 3.3.5-58.29qt3-devel-3.3.5-58.29.x86_64.rpm
openSUSE10.2ppcqt3-static< 3.3.7-17qt3-static-3.3.7-17.ppc.rpm
openSUSE10.2x86_64qt3-static< 3.3.7-17qt3-static-3.3.7-17.x86_64.rpm
openSUSE10.2i586qt3< 3.3.7-16qt3-3.3.7-16.i586.rpm
openSUSE10.0x86_64qt3-devel< 3.3.4-28.12qt3-devel-3.3.4-28.12.x86_64.rpm
SUSE Linux Enterprise Server10.1s390xqt3< 3.3.5-58.29qt3-3.3.5-58.29.s390x.rpm
openSUSE10.2ppcqt3< 3.3.7-16qt3-3.3.7-16.ppc.rpm
openSUSE10.0x86_64qt3-static< 3.3.4-28.12qt3-static-3.3.4-28.12.x86_64.rpm
openSUSE10.1x86_64qt3-32bit< 3.3.5-58.29qt3-32bit-3.3.5-58.29.x86_64.rpm
openSUSE10.2ppcqt3-devel< 3.3.7-16qt3-devel-3.3.7-16.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	10.1	x86_64	qt3-devel	< 3.3.5-58.29	qt3-devel-3.3.5-58.29.x86_64.rpm
openSUSE	10.2	ppc	qt3-static	< 3.3.7-17	qt3-static-3.3.7-17.ppc.rpm
openSUSE	10.2	x86_64	qt3-static	< 3.3.7-17	qt3-static-3.3.7-17.x86_64.rpm
openSUSE	10.2	i586	qt3	< 3.3.7-16	qt3-3.3.7-16.i586.rpm
openSUSE	10.0	x86_64	qt3-devel	< 3.3.4-28.12	qt3-devel-3.3.4-28.12.x86_64.rpm
SUSE Linux Enterprise Server	10.1	s390x	qt3	< 3.3.5-58.29	qt3-3.3.5-58.29.s390x.rpm
openSUSE	10.2	ppc	qt3	< 3.3.7-16	qt3-3.3.7-16.ppc.rpm
openSUSE	10.0	x86_64	qt3-static	< 3.3.4-28.12	qt3-static-3.3.4-28.12.x86_64.rpm
openSUSE	10.1	x86_64	qt3-32bit	< 3.3.5-58.29	qt3-32bit-3.3.5-58.29.x86_64.rpm
openSUSE	10.2	ppc	qt3-devel	< 3.3.7-16	qt3-devel-3.3.7-16.ppc.rpm