PT-2007-1026 · Qt Company+1 · Qt+1

Andreas Nolden

Published

2007-04-03

Updated

2017-10-11

CVE-2007-0242

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Qt versions 3.3.8 and 4.2.3

Description: The issue is related to the UTF-8 decoder in Qt, which does not reject long UTF-8 sequences as required by the standard. This allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. Multiple vulnerabilities in Qt packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations: For Qt versions 3.3.8 and 4.2.3, update to a version that includes a fix for the UTF-8 decoder issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-02906

BDU:2015-06485

BDU:2015-06486

BDU:2015-06487

BDU:2015-06488

BDU:2015-06489

BDU:2015-06490

BDU:2015-06491

BDU:2015-06492

BDU:2015-06493

CVE-2007-0242

DSA-1292-1

RHSA-2007:0883

RHSA-2007:0909

RHSA-2007_0883

RHSA-2007_0909

RHSA-2011:1324

RHSA-2011_1324

Affected Products

Red Hat

PT-2007-1026 · Qt Company+1 · Qt+1

CVE-2007-0242

Related Identifiers

Affected Products

References · 102