PT-2009-6695 · Qt+3 · Libqt4-Sql-Mysql+33

Nils

·

Published

1970-01-01

·

Updated

2018-10-10

·

CVE-2009-0945

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions libqt4-sql-sqlite2 (affected versions not specified) libqt4-webkit (affected versions not specified) libqt4-designer (affected versions not specified) libqt4-opengl (affected versions not specified) libqt4-script (affected versions not specified) libqt4-assistant (affected versions not specified) libqt4-dbus (affected versions not specified) libqt4-sql-sqlite (affected versions not specified) libqt4-sql-ibase (affected versions not specified) libqt4-network (affected versions not specified) libqt4-opengl-dev (affected versions not specified) libqt4-sql-psql (affected versions not specified) libqt4-xmlpatterns (affected versions not specified) libqt4-sql (affected versions not specified) libqt4-gui (affected versions not specified) qt4-designer (affected versions not specified) libqt4-sql-mysql (affected versions not specified) libqt4-xmlpatterns-dbg (affected versions not specified) libqt4-core (affected versions not specified) libqt4-dev (affected versions not specified) qt4-demos (affected versions not specified) qt4-dev-tools (affected versions not specified) qt4-doc (affected versions not specified) libqt4-xml (affected versions not specified) libqt4-dbg (affected versions not specified) libqt4-test (affected versions not specified) libqt4-sql-odbc (affected versions not specified) libqt4-qt3support (affected versions not specified) libqt4-webkit-dbg (affected versions not specified) libqt4-svg (affected versions not specified) qt4-doc-html (affected versions not specified)
Description The issue involves multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libqt4-sql-sqlite2, libqt4-webkit, and others. These vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely. Additionally, an array index error in the insertItemBefore method in WebKit can allow remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-94

Related Identifiers

BDU:2015-02905
BDU:2015-02907
BDU:2015-02908
BDU:2015-02909
BDU:2015-02910
BDU:2015-02911
BDU:2015-02912
BDU:2015-02913
BDU:2015-02914
BDU:2015-04034
BDU:2015-04035
BDU:2015-04036
BDU:2015-04037
BDU:2015-04038
BDU:2015-04039
BDU:2015-04040
BDU:2015-04041
BDU:2015-04042
BDU:2015-04043
BDU:2015-04044
BDU:2015-04045
BDU:2015-04046
BDU:2015-04047
BDU:2015-04048
BDU:2015-04049
BDU:2015-04050
BDU:2015-04051
BDU:2015-04052
BDU:2015-04053
BDU:2015-04054
BDU:2015-04055
BDU:2015-04056
BDU:2015-04057
CVE-2009-0945
DSA-1866-1
DSA-1950-1
DSA-1988-1
OPENSUSE-SU-2024:10180-1
RHSA-2009:1130
RHSA-2009_1130

Affected Products

Debian
Red Hat
Webkit
Libqt4-Assistant
Libqt4-Core
Libqt4-Dbg
Libqt4-Dbus
Libqt4-Designer
Libqt4-Dev
Libqt4-Gui
Libqt4-Network
Libqt4-Opengl
Libqt4-Opengl-Dev
Libqt4-Qt3Support
Libqt4-Script
Libqt4-Sql
Libqt4-Sql-Ibase
Libqt4-Sql-Mysql
Libqt4-Sql-Odbc
Libqt4-Sql-Psql
Libqt4-Sql-Sqlite
Libqt4-Sql-Sqlite2
Libqt4-Svg
Libqt4-Test
Libqt4-Webkit
Libqt4-Webkit-Dbg
Libqt4-Xml
Libqt4-Xmlpatterns
Libqt4-Xmlpatterns-Dbg
Qt4-Demos
Qt4-Designer
Qt4-Dev-Tools
Qt4-Doc
Qt4-Doc-Html