National Vulnerability Database (NVD) National Vulnerability Database (CVE-2007-4137)

National Cyber Awareness System

Vulnerability Summary for CVE-2007-4137

Original release date:09/18/2007

Last revised:03/08/2011

Source: US-CERT/NIST

Overview

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: https://bugzilla.redhat.com/show_bug.cgi?id=269001

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=269001

External Source: VUPEN

Name: ADV-2007-3144

Hyperlink:http://www.vupen.com/english/advisories/2007/3144

External Source: BID

Name: 25657

Hyperlink:http://www.securityfocus.com/bid/25657

External Source: REDHAT

Name: RHSA-2007:0883

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0883.html

External Source: CONFIRM

Name: http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119

Hyperlink:http://trolltech.com/company/newsroom/announcements/press.2007-09-03.7564032119

External Source: SECUNIA

Name: 26811

Type: Advisory

Hyperlink:http://secunia.com/advisories/26811

External Source: SECUNIA

Name: 26782

Type: Advisory

Hyperlink:http://secunia.com/advisories/26782

External Source: SECUNIA

Name: 26778

Type: Advisory

Hyperlink:http://secunia.com/advisories/26778

External Source: OVAL

Name: oval:org.mitre.oval:def:11159

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11159

External Source: OSVDB

Name: 39384

Hyperlink:http://osvdb.org/39384

External Source: MISC

Name: http://dist.trolltech.com/developer/download/175791_4.diff

Hyperlink:http://dist.trolltech.com/developer/download/175791_4.diff

External Source: MISC

Name: http://dist.trolltech.com/developer/download/175791_3.diff

Hyperlink:http://dist.trolltech.com/developer/download/175791_3.diff

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1751

Hyperlink:https://issues.rpath.com/browse/RPL-1751

External Source: UBUNTU

Name: USN-513-1

Hyperlink:http://www.ubuntu.com/usn/usn-513-1

External Source: BUGTRAQ

Name: 20071004 FLEA-2007-0059-1 qt qt-tools

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481498/100/0/threaded

External Source: SUSE

Name: SUSE-SR:2007:019

Hyperlink:http://www.novell.com/linux/security/advisories/2007_19_sr.html

External Source: MANDRIVA

Name: MDKSA-2007:183

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:183

External Source: DEBIAN

Name: DSA-1426

Hyperlink:http://www.debian.org/security/2007/dsa-1426

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm

External Source: SECTRACK

Name: 1018688

Hyperlink:http://securitytracker.com/id?1018688

External Source: GENTOO

Name: GLSA-200712-08

Hyperlink:http://security.gentoo.org/glsa/glsa-200712-08.xml

External Source: GENTOO

Name: GLSA-200710-28

Hyperlink:http://security.gentoo.org/glsa/glsa-200710-28.xml

External Source: SECUNIA

Name: 28021

Hyperlink:http://secunia.com/advisories/28021

External Source: SECUNIA

Name: 27996

Hyperlink:http://secunia.com/advisories/27996

External Source: SECUNIA

Name: 27382

Hyperlink:http://secunia.com/advisories/27382

External Source: SECUNIA

Name: 27275

Hyperlink:http://secunia.com/advisories/27275

External Source: SECUNIA

Name: 27053

Hyperlink:http://secunia.com/advisories/27053

External Source: SECUNIA

Name: 26987

Hyperlink:http://secunia.com/advisories/26987

External Source: SECUNIA

Name: 26882

Hyperlink:http://secunia.com/advisories/26882

External Source: SECUNIA

Name: 26868

Hyperlink:http://secunia.com/advisories/26868

External Source: SECUNIA

Name: 26857

Hyperlink:http://secunia.com/advisories/26857

External Source: SECUNIA

Name: 26804

Hyperlink:http://secunia.com/advisories/26804

External Source: FEDORA

Name: FEDORA-2007-703

Hyperlink:http://fedoranews.org/updates/FEDORA-2007-703.shtml

External Source: FEDORA

Name: FEDORA-2007-2216

Hyperlink:http://fedoranews.org/updates/FEDORA-2007-221.shtml

External Source: CONFIRM

Name: http://bugs.gentoo.org/show_bug.cgi?id=192472

Hyperlink:http://bugs.gentoo.org/show_bug.cgi?id=192472

External Source: SGI

Name: 20070901-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc

References to Check Content

Identifier:oval:org.mitre.oval:def:11159

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11159

Vulnerable software and versions

Configuration 1

AND

cpe:/o:conectiva:linux:10.0

cpe:/o:conectiva:linux:9.0

cpe:/o:gentoo:linux

cpe:/o:mandrakesoft:mandrake_linux:10.0

cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64

cpe:/o:mandrakesoft:mandrake_linux:2007

cpe:/o:mandrakesoft:mandrake_linux:2007.1

cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86_64

cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64

cpe:/o:mandrakesoft:mandrake_linux:9.2

cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64

cpe:/o:redhat:enterprise_linux:2.1::as

cpe:/o:redhat:enterprise_linux:2.1::aw

cpe:/o:redhat:enterprise_linux:2.1::es

cpe:/o:redhat:enterprise_linux:3.0::as

cpe:/o:redhat:enterprise_linux:3.0::es

cpe:/o:redhat:enterprise_linux:3.0::ws

cpe:/o:redhat:enterprise_linux:4.0::as

cpe:/o:redhat:enterprise_linux:4.0::es

cpe:/o:redhat:enterprise_linux:4.0::ws

cpe:/o:redhat:enterprise_linux:5.0::client

cpe:/o:redhat:enterprise_linux:5.0::client_workstation

cpe:/o:redhat:enterprise_linux:5.0::server

cpe:/o:redhat:linux:2.1::aw_itanium

cpe:/o:redhat:linux:3.0

cpe:/o:redhat:linux:4.0

cpe:/o:ubuntu:ubuntu_linux:6.06_lts::amd64

cpe:/o:ubuntu:ubuntu_linux:6.06_lts::i386

cpe:/o:ubuntu:ubuntu_linux:6.06_lts::powerpc

cpe:/o:ubuntu:ubuntu_linux:6.06_lts::sparc

cpe:/o:ubuntu:ubuntu_linux:6.10::amd64

cpe:/o:ubuntu:ubuntu_linux:6.10::i386

cpe:/o:ubuntu:ubuntu_linux:6.10::powerpc

cpe:/o:ubuntu:ubuntu_linux:6.10::sparc

cpe:/o:ubuntu:ubuntu_linux:7.04::amd64

cpe:/o:ubuntu:ubuntu_linux:7.04::i386

cpe:/o:ubuntu:ubuntu_linux:7.04::powerpc

cpe:/o:ubuntu:ubuntu_linux:7.04::sparc

* cpe:/a:trolltech:qt:3.0

* cpe:/a:trolltech:qt:3.0.3

* cpe:/a:trolltech:qt:3.0.5

* cpe:/a:trolltech:qt:3.1

* cpe:/a:trolltech:qt:3.1.1

* cpe:/a:trolltech:qt:3.1.2

* cpe:/a:trolltech:qt:3.2.1

* cpe:/a:trolltech:qt:3.2.3

* cpe:/a:trolltech:qt:3.3.0

* cpe:/a:trolltech:qt:3.3.1

* cpe:/a:trolltech:qt:3.3.2

* cpe:/a:trolltech:qt:3.3.3

* cpe:/a:trolltech:qt:3.3.4

* cpe:/a:trolltech:qt:3.3.5

* cpe:/a:trolltech:qt:3.3.6

* cpe:/a:trolltech:qt:3.3.7

* cpe:/a:trolltech:qt:3.3.8

* cpe:/a:trolltech:qt:4.1

* cpe:/a:trolltech:qt:4.1.4

* cpe:/a:trolltech:qt:4.1.5

* cpe:/a:trolltech:qt:4.2

* cpe:/a:trolltech:qt:4.2.1

* cpe:/a:trolltech:qt:4.2.3

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137