CVE-2007-3388

Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.

🔗 References (72)

• secalert@redhatftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
• secalert@redhathttp://bugs.gentoo.org/show_bug.cgi?id=185446
• secalert@redhathttp://dist.trolltech.com/developer/download/170529.diff
• secalert@redhathttp://fedoranews.org/updates/FEDORA-2007-221.shtml
• secalert@redhathttp://fedoranews.org/updates/FEDORA-2007-703.shtml
• secalert@redhathttp://secunia.com/advisories/24460
• secalert@redhathttp://secunia.com/advisories/26264
• secalert@redhathttp://secunia.com/advisories/26284
• secalert@redhathttp://secunia.com/advisories/26291
• secalert@redhathttp://secunia.com/advisories/26295
• secalert@redhathttp://secunia.com/advisories/26298
• secalert@redhathttp://secunia.com/advisories/26306
• secalert@redhathttp://secunia.com/advisories/26385
• secalert@redhathttp://secunia.com/advisories/26607
• secalert@redhathttp://secunia.com/advisories/26804