Joined: 12 May 2004
|Posted: Wed Aug 22, 2007 11:26 pm Post subject: [ GLSA 200708-16 ] Qt: Multiple format string vulnerabilitie
|Gentoo Linux Security Advisory
Title: Qt: Multiple format string vulnerabilities (GLSA 200708-16)
Exploitable: remote, local
Date: August 22, 2007
Format string vulnerabilities in Qt 3 may lead to the remote execution of arbitrary code in some Qt applications.
Qt is a cross-platform GUI framework, which is used e.g. by KDE.
Vulnerable: < 3.3.8-r3
Unaffected: >= 3.3.8-r3
Architectures: All supported architectures
Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning() calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp, qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp.
An attacker could trigger one of the vulnerabilities by causing a Qt application to parse specially crafted text, which may lead to the execution of arbitrary code.
There is no known workaround at this time.
All Qt 3 users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose "=x11-libs/qt-3*"
Last edited by GLSA on Wed Jul 29, 2009 4:18 am; edited 2 times in total