CVE-2007-4137
CVE-2007-4137
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.aschttp://bugs.gentoo.org/show_bug.cgi?id=192472http://dist.trolltech.com/developer/download/175791_3.diffhttp://dist.trolltech.com/developer/download/175791_4.diffhttp://fedoranews.org/updates/FEDORA-2007-221.shtmlhttp://fedoranews.org/updates/FEDORA-2007-703.shtmlhttp://osvdb.org/39384https://bugzilla.redhat.com/show_bug.cgi?id=269001http://secunia.com/advisories/26778http://secunia.com/advisories/26782http://secunia.com/advisories/26804http://secunia.com/advisories/26811