PT-2007-7502 · Qt+1 · Qt3-Linguist+38
Dirk Mueller · Published 1970-01-01 · Updated 2023-02-13 · CVE-2007-4137
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libqt3-mt-dev versions prior to 3.3.8
libqt3c102-mt-ibase versions prior to 3.3.8
qt3-dev-tools versions prior to 3.3.8
libqt3c102-mt-mysql versions prior to 3.3.8
libqt3c102-mt-psql versions prior to 3.3.8
libqt3c102-mt-odbc versions prior to 3.3.8
qt3-designer versions prior to 3.3.8
qt3-dev-tools-embedded versions prior to 3.3.8
libqt3-dev versions prior to 3.3.8
libqt3-mt-psql versions prior to 3.3.8
qt-designer-3.3.3 versions prior to 3.3.8
qt-devel-docs-3.3.6 versions prior to 3.3.8
qt-3.3.6 versions prior to 3.3.8
qt3-examples versions prior to 3.3.8
qt3-qtconfig versions prior to 3.3.8
libqt3c102-mt-sqlite versions prior to 3.3.8
qt-x11-free-dbg versions prior to 3.3.8
libqt3-mt-ibase versions prior to 3.3.8
qt-config-3.3.6 versions prior to 3.3.8
libqt3-compat-headers versions prior to 3.3.8
libqt3c102-ibase versions prior to 3.3.8
qt-designer-3.3.6 versions prior to 3.3.8
qt (versions prior to 3.3.8-r4)
libqt3-mt-odbc versions prior to 3.3.8
libqt3-mt versions prior to 3.3.8
qt-devel-3.3.6 versions prior to 3.3.8
libqt3-mt-sqlite versions prior to 3.3.8
libqt3-headers versions prior to 3.3.8
libqt3c102-mt versions prior to 3.3.8
qt3-dev-tools-compat versions prior to 3.3.8
libqt3-mt-mysql versions prior to 3.3.8
qt3-apps-dev versions prior to 3.3.8
qt3-linguist versions prior to 3.3.8
qt-config-3.3.3 versions prior to 3.3.8
qt-devel-3.3.3 versions prior to 3.3.8
qt-3.3.3 versions prior to 3.3.8
qt3-doc versions prior to 3.3.8
libqt3c102 versions prior to 3.3.8
libqt3c102-odbc versions prior to 3.3.8
Description
Multiple vulnerabilities in various Qt packages, including libqt3-mt-dev, libqt3c102-mt-ibase, qt3-dev-tools, and others, can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Exploitation can result in a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow.
Recommendations
For each affected package, update to version 3.3.8 or later to resolve the issue.
As a temporary workaround, consider disabling the QUtf8Decoder::toUnicode function until a patch is available.
Restrict access to the vulnerable modules to minimize the risk of exploitation.
Avoid using the vulnerable packages until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Tags: DoS, Buffer Overflow
Affected Products
Red Hat
Libqt3-Compat-Headers
Libqt3-Dev
Libqt3-Headers
Libqt3-Mt
Libqt3-Mt-Dev
Libqt3-Mt-Ibase
Libqt3-Mt-Mysql
Libqt3-Mt-Odbc
Libqt3-Mt-Psql
Libqt3-Mt-Sqlite
Libqt3C102
Libqt3C102-Ibase
Libqt3C102-Mt
Libqt3C102-Mt-Ibase
Libqt3C102-Mt-Mysql
Libqt3C102-Mt-Odbc
Libqt3C102-Mt-Sqlite
Libqt3C102-Odbc
Qt
Qt-3.3.3
Qt-3.3.6
Qt-Config-3.3.3
Qt-Config-3.3.6
Qt-Designer-3.3.3
Qt-Designer-3.3.6
Qt-Devel-3.3.3
Qt-Devel-3.3.6
Qt-Devel-Docs-3.3.6
Qt-X11-Free-Dbg
Qt3-Apps-Dev
Qt3-Designer
Qt3-Dev-Tools
Qt3-Dev-Tools-Compat
Qt3-Dev-Tools-Embedded
Qt3-Doc
Qt3-Examples
Qt3-Linguist
Qt3-Qtconfig