4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.027 Low
EPSS
Percentile
90.4%
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not
reject long UTF-8 sequences as required by the standard, which allows
remote attackers to conduct cross-site scripting (XSS) and directory
traversal attacks via long sequences that decode to dangerous
metacharacters.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | kdelibs | < 3.5.2-0ubuntu18.5 | UNKNOWN |
ubuntu | 6.10 | noarch | kdelibs | < 3.5.5-0ubuntu3.5 | UNKNOWN |
ubuntu | 7.04 | noarch | kdelibs | < 3.5.6-0ubuntu14.1 | UNKNOWN |
ubuntu | 6.06 | noarch | qt-x11-free | < 3.3.6-1ubuntu6.4 | UNKNOWN |
ubuntu | 6.10 | noarch | qt-x11-free | < 3.3.6-3ubuntu3.3 | UNKNOWN |
ubuntu | 7.04 | noarch | qt-x11-free | < 3.3.8really3.3.7-0ubuntu5.2 | UNKNOWN |