CVE-2006-4811: Integer Overflow
First published: Wed Oct 18 2006(Updated: )
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE kdelibs | =3.1.3 | |
| Trolltech Qt | =3.3.0 | |
| Trolltech Qt | =3.3.3 | |
| Trolltech Qt | =3.3.4 | |
| Trolltech Qt | =3.3.1 | |
| Trolltech Qt | =3.3.2 | |
| Trolltech Qt | =4.1.0 | |
| Trolltech Qt | =3.3.5 | |
| Trolltech Qt | =3.3.6 | |
| Trolltech Qt | =4.1.3 | |
| Trolltech Qt | =4.1.4 | |
| Trolltech Qt | =4.1.1 | |
| Trolltech Qt | =4.1.2 | |
| Trolltech Qt | =4.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742
- http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html
- http://secunia.com/advisories/22380
- http://secunia.com/advisories/22397
- http://secunia.com/advisories/22479
- http://secunia.com/advisories/22485
- http://secunia.com/advisories/22492
- http://secunia.com/advisories/22520
- http://secunia.com/advisories/22579
- http://secunia.com/advisories/22586
- http://secunia.com/advisories/22589
- http://secunia.com/advisories/22645
- http://secunia.com/advisories/22738
- http://secunia.com/advisories/22890
- http://secunia.com/advisories/22929
- http://secunia.com/advisories/24347
- http://security.gentoo.org/glsa/glsa-200611-02.xml
- http://security.gentoo.org/glsa/glsa-200703-06.xml
- http://securitytracker.com/id?1017084
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:186
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:187
- http://www.redhat.com/support/errata/RHSA-2006-0720.html
- http://www.redhat.com/support/errata/RHSA-2006-0725.html
- http://www.securityfocus.com/archive/1/449173/100/0/threaded
- http://www.securityfocus.com/bid/20599
- http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
- http://www.ubuntu.com/usn/usn-368-1
- http://www.us.debian.org/security/2006/dsa-1200
- http://www.vupen.com/english/advisories/2006/4099
- https://issues.rpath.com/browse/RPL-723
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218
Frequently Asked Questions
What is the severity of CVE-2006-4811?
CVE-2006-4811 is rated as critical due to its potential for remote code execution and denial of service.
How do I fix CVE-2006-4811?
To fix CVE-2006-4811, upgrade to the latest versions of Qt that are not affected, such as Qt 3.3.7 or later and Qt 4.1.5 or later.
Which versions are affected by CVE-2006-4811?
CVE-2006-4811 affects Qt versions 3.3.0 to 3.3.6, and 4.1.0 to 4.1.4 as well as kdelibs 3.1.3.
What is the impact of CVE-2006-4811?
The impact of CVE-2006-4811 can lead to application crashes and may allow attackers to execute arbitrary code.
Where can I find more information about CVE-2006-4811?
Additional details on CVE-2006-4811 can usually be found in security advisories related to affected software or through software vendor communications.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/redhat
- canonical/kde kdelibs
- version/kde kdelibs/3.1.3
- vendor/qt
- canonical/trolltech qt
- version/trolltech qt/3.3.0
- version/trolltech qt/3.3.3
- version/trolltech qt/3.3.4
- version/trolltech qt/3.3.1
- version/trolltech qt/3.3.2
- version/trolltech qt/4.1.0
- version/trolltech qt/3.3.5
- version/trolltech qt/3.3.6
- version/trolltech qt/4.1.3
- version/trolltech qt/4.1.4
- version/trolltech qt/4.1.1
- version/trolltech qt/4.1.2
- version/trolltech qt/4.2.0