Kevin Kofler

**Name of the Vulnerable Software and Affected Versions** TunePimp version 0.4.2 **Description** The issue is related to multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp. This can be exploited by remote user-assisted attackers, potentially leading to a denial of service (application crash) and possibly allowing code execution. The overflows can occur via long strings in the (1) Album release date (`MBE ReleaseGetDate`), (2) data, or (3) error strings. **Recommendations** For TunePimp version 0.4.2, consider restricting the input length for `MBE ReleaseGetDate`, data, and error strings to prevent buffer overflows until a patch is available. As a temporary workaround, avoid using long strings in these fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libqt4-sql-sqlite2 (affected versions not specified) libqt4-webkit (affected versions not specified) libqt4-designer (affected versions not specified) libqt4-opengl (affected versions not specified) libqt4-script (affected versions not specified) libqt4-dbus (affected versions not specified) libqt4-assistant (affected versions not specified) libqt4-sql-sqlite (affected versions not specified) libqt4-sql-ibase (affected versions not specified) libqt4-network (affected versions not specified) libqt4-opengl-dev (affected versions not specified) libqt4-sql-psql (affected versions not specified) libqt4-xmlpatterns (affected versions not specified) libqt4-sql (affected versions not specified) libqt4-gui (affected versions not specified) qt4-designer (affected versions not specified) libqt4-sql-mysql (affected versions not specified) libqt4-xmlpatterns-dbg (affected versions not specified) libqt4-dev (affected versions not specified) libqt4-core (affected versions not specified) qt4-demos (affected versions not specified) qt4-dev-tools (affected versions not specified) qt4-doc (affected versions not specified) libqt4-xml (affected versions not specified) libqt4-dbg (affected versions not specified) libqt4-sql-odbc (affected versions not specified) libqt4-test (affected versions not specified) libqt4-qt3support (affected versions not specified) libqt4-webkit-dbg (affected versions not specified) libqt4-svg (affected versions not specified) qt4-doc-html (affected versions not specified) WebKit in Apple Safari before 4.0.2 KHTML in kdelibs in KDE QtWebKit (aka Qt toolkit) **Description** The issue is related to multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libqt4-sql-sqlite2, libqt4-webkit, and others. These vulnerabilities can be exploited remotely, leading to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited through crafted HTML documents, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.