GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Aug 22, 2007 11:26 pm Post subject: [ GLSA 200708-16 ] Qt: Multiple format string vulnerabilitie |
 |
|
Gentoo Linux Security Advisory
Title: Qt: Multiple format string vulnerabilities (GLSA 200708-16)
Severity: normal
Exploitable: remote, local
Date: August 22, 2007
Bug(s): #185446
ID: 200708-16
Synopsis
Format string vulnerabilities in Qt 3 may lead to the remote execution of arbitrary code in some Qt applications.
Background
Qt is a cross-platform GUI framework, which is used e.g. by KDE.
Affected Packages
Package: x11-libs/qt
Vulnerable: < 3.3.8-r3
Unaffected: >= 3.3.8-r3
Architectures: All supported architectures
Description
Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning() calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp, qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp.
Impact
An attacker could trigger one of the vulnerabilities by causing a Qt application to parse specially crafted text, which may lead to the execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Qt 3 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose "=x11-libs/qt-3*" |
References
CVE-2007-3388
Last edited by GLSA on Wed Jul 29, 2009 4:18 am; edited 2 times in total |
|
News & Announcements
