PT-2011-1141 · Red Hat+1 · Frysk+2

Josh Bressers · Published 2011-09-21 · Updated 2021-07-14 · CVE-2011-3193

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Qt versions prior to 4.7.4
Qt versions prior to 4.8.4
frysk version 0.0.1.2007.08.03

Description

The issue is related to a heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), which can be exploited by remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations

For Qt versions prior to 4.7.4, update to version 4.7.4 or later to resolve the issue.
For Qt versions prior to 4.8.4, update to version 4.8.4 or later to resolve the issue.
For frysk version 0.0.1.2007.08.03, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption


Weakness Enumeration

Related identifiers

BDU:2015-07205
BDU:2015-08790
BDU:2015-09706
CVE-2011-3193
DLA-117-1
OPENSUSE-SU-2024:10180-1
RHSA-2011:1323
RHSA-2011:1324
RHSA-2011:1325
RHSA-2011:1326
RHSA-2011:1327
RHSA-2011:1328
RHSA-2011_1323
RHSA-2011_1324
RHSA-2011_1325
RHSA-2011_1326
RHSA-2011_1327
RHSA-2011_1328

Affected products

Qt
Red Hat
Frysk