Trolltech Removes Qt Vulnerability

Sep 17, 2007

A moderately critical vulnerability was discovered in the QUtf8Decoder of Trolltech's Qt Framework.

The Trolltech developers have now released patch to remove the "QUtf8Decoder" security bug in Qt3 and Qt4. Attackers were able to exploit the vulnerability via a specially crafted Unicode string. Processing the string would cause applications to crash due to an off by one heap overflow and thus execute injected malicious code. According to Trolltech there is no way of exploiting the bug in Qt4.

The error is what's known as an "Off-By-One Error", which is typically caused by a logical error on the part of the programmer leading to control structures being parsed once too often, or not frequently enough. The error can cause a program to crash.

Patches for the vulnerability which is listed under CVE number CVE-2007-4137, are available from the manufacturer's website for Qt3 and Qt4. Distributions are now starting to offer updated program packages, Red Hat for example.

Related content

comments powered by Disqus

Issue 163/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia