Buffer overflow in Conectiva Linux

CVE-2007-4137

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the…

Vulnerability class: Buffer Overflow

EPSS: 0.024 (81.5th percentile) — read the EPSS interpretation.

Affected products

Conectiva Linux — versions 9.0, 10.0
Gentoo Linux
Mandrakesoft Mandrake_linux — versions 9.2, 10.0, 2007
Mandrakesoft Mandrake_linux_corporate_server — versions 3.0, 4.0
Trolltech Qt — versions 3.0, 3.0.3, 3.0.5
Redhat Enterprise_linux — versions 2.1, 3.0, 4.0
Redhat Linux — versions 2.1, 3.0, 4.0
Ubuntu Ubuntu_linux — versions 6.06_lts, 6.10, 7.04
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (signature, x_refsource_OVAL, vdb-entry)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)