Andreas Nolden

Name of the Vulnerable Software and Affected Versions: Qt versions 3.3.8 and 4.2.3 Description: The issue is related to the UTF-8 decoder in Qt, which does not reject long UTF-8 sequences as required by the standard. This allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. Multiple vulnerabilities in Qt packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely. Recommendations: For Qt versions 3.3.8 and 4.2.3, update to a version that includes a fix for the UTF-8 decoder issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.