CVE-2007-4137

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

🔗 References (72)

• secalert@redhatftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
• secalert@redhathttp://bugs.gentoo.org/show_bug.cgi?id=192472
• secalert@redhathttp://dist.trolltech.com/developer/download/175791_3.diff
• secalert@redhathttp://dist.trolltech.com/developer/download/175791_4.diff
• secalert@redhathttp://fedoranews.org/updates/FEDORA-2007-221.shtml
• secalert@redhathttp://fedoranews.org/updates/FEDORA-2007-703.shtml
• secalert@redhathttp://osvdb.org/39384
• secalert@redhathttp://secunia.com/advisories/26778
• secalert@redhathttp://secunia.com/advisories/26782
• secalert@redhathttp://secunia.com/advisories/26804
• secalert@redhathttp://secunia.com/advisories/26811
• secalert@redhathttp://secunia.com/advisories/26857
• secalert@redhathttp://secunia.com/advisories/26868
• secalert@redhathttp://secunia.com/advisories/26882
• secalert@redhathttp://secunia.com/advisories/26987