|
|
|
|
|
|
Digg |
|
|
|
A moderately critical vulnerability was discovered in the QUtf8Decoder of Trolltech's Qt Framework.
The Trolltech developers have now released patch to remove the "QUtf8Decoder" security bug in Qt3 and Qt4. Attackers were able to exploit the vulnerability via a specially crafted Unicode string. Processing the string would cause applications to crash due to an off by one heap overflow and thus execute injected malicious code. According to Trolltech there is no way of exploiting the bug in Qt4.
The error is what's known as an "Off-By-One Error", which is typically caused by a logical error on the part of the programmer leading to control structures being parsed once too often, or not frequently enough. The error can cause a program to crash.
Patches for the vulnerability which is listed under CVE number CVE-2007-4137, are available from the manufacturer's website for Qt3 and Qt4. Distributions are now starting to offer updated program packages, Red Hat for example.
|
|
|
| Live Streaming from ApacheCon Europe 2009 |
|---|
|
All about Apache in 19 talks Watch 3 days full of Apache talks live from Amsterdam on March 25-27 in the convenience of your home or office. Topics are: Apache Hadoop, Tomcat for Developers and Administrators, HTTP Server Administration and much more. |
Comments