CVE - CVE-2007-4137

CVE-ID
CVE-2007-4137	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018688 URL:http://securitytracker.com/id?1018688 MISC:20070901-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc MISC:20071004 FLEA-2007-0059-1 qt qt-tools URL:http://www.securityfocus.com/archive/1/481498/100/0/threaded MISC:25657 URL:http://www.securityfocus.com/bid/25657 MISC:26778 URL:http://secunia.com/advisories/26778 MISC:26782 URL:http://secunia.com/advisories/26782 MISC:26804 URL:http://secunia.com/advisories/26804 MISC:26811 URL:http://secunia.com/advisories/26811 MISC:26857 URL:http://secunia.com/advisories/26857 MISC:26868 URL:http://secunia.com/advisories/26868 MISC:26882 URL:http://secunia.com/advisories/26882 MISC:26987 URL:http://secunia.com/advisories/26987 MISC:27053 URL:http://secunia.com/advisories/27053 MISC:27275 URL:http://secunia.com/advisories/27275 MISC:27382 URL:http://secunia.com/advisories/27382 MISC:27996 URL:http://secunia.com/advisories/27996 MISC:28021 URL:http://secunia.com/advisories/28021 MISC:39384 URL:~~http://osvdb.org/39384~~ (Obsolete source) MISC:ADV-2007-3144 URL:~~http://www.vupen.com/english/advisories/2007/3144~~ (Obsolete source) MISC:DSA-1426 URL:http://www.debian.org/security/2007/dsa-1426 MISC:FEDORA-2007-2216 URL:http://fedoranews.org/updates/FEDORA-2007-221.shtml MISC:FEDORA-2007-703 URL:http://fedoranews.org/updates/FEDORA-2007-703.shtml MISC:GLSA-200710-28 URL:http://security.gentoo.org/glsa/glsa-200710-28.xml MISC:GLSA-200712-08 URL:http://security.gentoo.org/glsa/glsa-200712-08.xml MISC:MDKSA-2007:183 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:183~~ (Obsolete source) MISC:RHSA-2007:0883 URL:http://www.redhat.com/support/errata/RHSA-2007-0883.html MISC:SUSE-SR:2007:019 URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html MISC:USN-513-1 URL:http://www.ubuntu.com/usn/usn-513-1 MISC:http://bugs.gentoo.org/show_bug.cgi?id=192472 URL:http://bugs.gentoo.org/show_bug.cgi?id=192472 MISC:http://dist.trolltech.com/developer/download/175791_3.diff URL:http://dist.trolltech.com/developer/download/175791_3.diff MISC:http://dist.trolltech.com/developer/download/175791_4.diff URL:http://dist.trolltech.com/developer/download/175791_4.diff MISC:http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm MISC:http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119 URL:http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=269001 URL:https://bugzilla.redhat.com/show_bug.cgi?id=269001 MISC:https://issues.rpath.com/browse/RPL-1751 URL:https://issues.rpath.com/browse/RPL-1751 MISC:oval:org.mitre.oval:def:11159 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11159
Assigning CNA
Red Hat, Inc.
Date Record Created
20070802	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070802)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)