Published: 03/04/2007 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Qt

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote malicious users to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qt qt 3.3.8
qt qt 4.2.3

The Qt library did not correctly handle truncated UTF8 strings, which could cause some applications to incorrectly filter malicious strings If a Konqueror user were tricked into visiting a web site containing specially crafted strings, normal XSS prevention could be bypassed allowing a remote attacker to steal confidential data ...

Andreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters For the stable distribution (etch), this problem has been fixed in version 421-2e ...

NVD-CWE-Other http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 http://www.securityfocus.com/bid/23269 http://secunia.com/advisories/24727 http://secunia.com/advisories/24699 http://secunia.com/advisories/24705 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591 http://www.ubuntu.com/usn/usn-452-1 http://secunia.com/advisories/24726 http://secunia.com/advisories/24847 http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html http://www.novell.com/linux/security/advisories/2007_6_sr.html http://secunia.com/advisories/24797 http://secunia.com/advisories/24889 https://issues.rpath.com/browse/RPL-1202 http://secunia.com/advisories/24759 http://www.debian.org/security/2007/dsa-1292 http://secunia.com/advisories/25263 http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm http://fedoranews.org/updates/FEDORA-2007-703.shtml http://www.mandriva.com/security/advisories?name=MDKSA-2007:074 http://www.mandriva.com/security/advisories?name=MDKSA-2007:075 http://www.mandriva.com/security/advisories?name=MDKSA-2007:076 http://www.redhat.com/support/errata/RHSA-2007-0909.html http://www.redhat.com/support/errata/RHSA-2007-0883.html ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://secunia.com/advisories/26857 http://secunia.com/advisories/26804 http://secunia.com/advisories/27108 http://secunia.com/advisories/27275 http://www.vupen.com/english/advisories/2007/1212 http://secunia.com/advisories/46117 http://rhn.redhat.com/errata/RHSA-2011-1324.html https://exchange.xforce.ibmcloud.com/vulnerabilities/33397 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510 http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html https://usn.ubuntu.com/452-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook