PT-2009-6700 · Qt+2 · Libqt4-Sql-Mysql+33

Kevin Kofler

·

Published

1970-01-01

·

Updated

2022-08-09

·

CVE-2009-1725

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions libqt4-sql-sqlite2 (affected versions not specified) libqt4-webkit (affected versions not specified) libqt4-designer (affected versions not specified) libqt4-opengl (affected versions not specified) libqt4-script (affected versions not specified) libqt4-dbus (affected versions not specified) libqt4-assistant (affected versions not specified) libqt4-sql-sqlite (affected versions not specified) libqt4-sql-ibase (affected versions not specified) libqt4-network (affected versions not specified) libqt4-opengl-dev (affected versions not specified) libqt4-sql-psql (affected versions not specified) libqt4-xmlpatterns (affected versions not specified) libqt4-sql (affected versions not specified) libqt4-gui (affected versions not specified) qt4-designer (affected versions not specified) libqt4-sql-mysql (affected versions not specified) libqt4-xmlpatterns-dbg (affected versions not specified) libqt4-dev (affected versions not specified) libqt4-core (affected versions not specified) qt4-demos (affected versions not specified) qt4-dev-tools (affected versions not specified) qt4-doc (affected versions not specified) libqt4-xml (affected versions not specified) libqt4-dbg (affected versions not specified) libqt4-sql-odbc (affected versions not specified) libqt4-test (affected versions not specified) libqt4-qt3support (affected versions not specified) libqt4-webkit-dbg (affected versions not specified) libqt4-svg (affected versions not specified) qt4-doc-html (affected versions not specified) WebKit in Apple Safari before 4.0.2 KHTML in kdelibs in KDE QtWebKit (aka Qt toolkit)
Description The issue is related to multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libqt4-sql-sqlite2, libqt4-webkit, and others. These vulnerabilities can be exploited remotely, leading to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited through crafted HTML documents, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-189CWE-94

Related Identifiers

BDU:2015-02905
BDU:2015-02907
BDU:2015-02908
BDU:2015-02909
BDU:2015-02910
BDU:2015-02911
BDU:2015-02912
BDU:2015-02913
BDU:2015-02914
BDU:2015-04034
BDU:2015-04035
BDU:2015-04036
BDU:2015-04037
BDU:2015-04038
BDU:2015-04039
BDU:2015-04040
BDU:2015-04041
BDU:2015-04042
BDU:2015-04043
BDU:2015-04044
BDU:2015-04045
BDU:2015-04046
BDU:2015-04047
BDU:2015-04048
BDU:2015-04049
BDU:2015-04050
BDU:2015-04051
BDU:2015-04052
BDU:2015-04053
BDU:2015-04054
BDU:2015-04055
BDU:2015-04056
BDU:2015-04057
CVE-2009-1725
DSA-1950-1
DSA-1988-1

Affected Products

Safari
Qtwebkit
Kdelibs
Libqt4-Assistant
Libqt4-Core
Libqt4-Dbg
Libqt4-Dbus
Libqt4-Designer
Libqt4-Dev
Libqt4-Gui
Libqt4-Network
Libqt4-Opengl
Libqt4-Opengl-Dev
Libqt4-Qt3Support
Libqt4-Script
Libqt4-Sql
Libqt4-Sql-Ibase
Libqt4-Sql-Mysql
Libqt4-Sql-Odbc
Libqt4-Sql-Psql
Libqt4-Sql-Sqlite
Libqt4-Sql-Sqlite2
Libqt4-Svg
Libqt4-Test
Libqt4-Webkit
Libqt4-Webkit-Dbg
Libqt4-Xml
Libqt4-Xmlpatterns
Libqt4-Xmlpatterns-Dbg
Qt4-Demos
Qt4-Designer
Qt4-Dev-Tools
Qt4-Doc
Qt4-Doc-Html