First published: Thu Aug 30 2007
Dirk Mueller reported an off-by-one buffer overflow flaw in the way Qt parses certain Unicode strings. To quote Dirk: "I've found an off-by-one buffer overflow in QUtf8Decoder::toUnicode(). It is not exploitable with Qt 4.x or above because there is an additional QChar(0) being allocated in QString; however, it is still a bug there, as the array returned by utf16() etc. is no longer terminated properly."
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Conectiva Linux | =9.0 | |
Conectiva Linux | =10.0 | |
Gentoo Linux | | |
Mandrake Linux | =9.2 | |
Mandrake Linux | =10.0 | |
Mandrake Linux | =2007 | |
Mandrake Linux | =2007.1 | |
Mandriva Linux Corporate Server | =3.0 | |
Mandriva Linux Corporate Server | =4.0 | |
Red Hat Enterprise Linux | =2.1 | |
Red Hat Enterprise Linux | =3.0 | |
Red Hat Enterprise Linux | =4.0 | |
Red Hat Enterprise Linux | =5.0 | |
Red Hat Linux | =2.1 | |
Red Hat Linux | =3.0 | |
Red Hat Linux | =4.0 | |
Ubuntu Linux | =6.06_lts | |
Ubuntu Linux | =6.10 | |
Ubuntu Linux | =7.04 | |
Trolltech Qt | =3.0 | |
Trolltech Qt | =3.0.3 | |
Trolltech Qt | =3.0.5 | |
Trolltech Qt | =3.1 | |
Trolltech Qt | =3.1.1 | |
Trolltech Qt | =3.1.2 | |
Trolltech Qt | =3.2.1 | |
Trolltech Qt | =3.2.3 | |
Trolltech Qt | =3.3.0 | |
Trolltech Qt | =3.3.1 | |
Trolltech Qt | =3.3.2 | |
Trolltech Qt | =3.3.3 | |
Trolltech Qt | =3.3.4 | |
Trolltech Qt | =3.3.5 | |
Trolltech Qt | =3.3.6 | |
Trolltech Qt | =3.3.7 | |
Trolltech Qt | =3.3.8 | |
Trolltech Qt | =4.1 | |
Trolltech Qt | =4.1.4 | |
Trolltech Qt | =4.1.5 | |
Trolltech Qt | =4.2 | |
Trolltech Qt | =4.2.1 | |
Trolltech Qt | =4.2.3 | |
CVE-2007-4137 is classified as a buffer overflow vulnerability which can potentially lead to application crashes.
To fix CVE-2007-4137, ensure Qt is updated to version 4.x or above where the vulnerability is not exploitable.
CVE-2007-4137 affects older versions of the Qt library, particularly versions prior to 4.0.
CVE-2007-4137 is not known to be easily exploitable in a remote manner, as it primarily affects local applications processing malformed input.
CVE-2007-4137 impacts various Linux distributions that utilize the affected versions of Qt.