CVE-2011-3193 – qt/harfbuzz buffer overflow
https://notcve.org/view.php?id=CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Desbordamiento de buffer de memoria dinámica en la función Lookup_MarkMarkPos del módulo HarfBuzz (harfbuzz-gpos.c), tal como se usa en Qt anteriores a 4.7.4 y Pango. Permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo de fuentes modificado. • http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html http://rhn.redhat.com/errata/RHSA-2011-1323.html http://rhn.redhat.com/errata/RH • CWE-787: Out-of-bounds Write •
CVE-2010-1766
https://notcve.org/view.php?id=CVE-2010-1766
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. Error de superación de límite en la función WebSocketHandshake::readServerHandshake en websockets/WebSocketHandshake.cpp en WebCore en WebKit anterior a r56380, utilizado en Qt y otros productos, permite a los servidores de websockets remotos provocar una denegación de servicio (corrupción de memoria), o posiblemente tener otro impacto no especificado a través de una cabecera de actualización que es larga e inválida. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40557 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://trac.webkit.org/changeset/56380 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.ubuntu.com/usn/USN-1006-1 http:/& • CWE-189: Numeric Errors •
CVE-2010-2621 – Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-2621
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. La función QSslSocketBackendPrivate::transmit en src_network_ssl_qsslsocket_openssl.cpp en Qt v4.6.3 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una solicitud mal formada. • https://www.exploit-db.com/exploits/14268 http://aluigi.org/adv/qtsslame-adv.txt http://aluigi.org/poc/qtsslame.zip http://osvdb.org/65860 http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 http://secunia.com/advisories/40389 http://secunia.com/advisories/46410 http://www.securityfocus.com/bid/41250 http://www.vupen.com/english/advisories/2010/1657 https://hermes.opensuse.org/messages/12056605 • CWE-20: Improper Input Validation •
CVE-2007-3388 – qt3 format string flaw
https://notcve.org/view.php?id=CVE-2007-3388
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. Múltiples vulnerabilidades de formato de cadena en (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, y (7) qsvgdevice.cpp en QTextEdit de Trolltech Qt 3 versiones anteriores a 3.3.8 20070727 permiten a atacantes remotos ejecutar código de su elección mediante especificadores de formato de cadena, en texto utilizado para componer mensajes de error. • ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=185446 http://dist.trolltech.com/developer/download/170529.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://secunia.com/advisories/24460 http://secunia.com/advisories/26264 http://secunia.com/advisories/26284 http://secunia.com/advisories/26291 http://secunia.com/advisories/26295 http://secunia.com& •
CVE-2004-0692
https://notcve.org/view.php?id=CVE-2004-0692
The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. El procesador XPM en la librería QT (qt3) en versiónes anteriores a 3.3.3 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un fichero de imagen malformado que dispara una desreferencia nula, una vulnerabilidad distinta de CAN-2004-0693. • http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200408-20.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1 http://www.debian.org/security/2004/dsa-542 http://www.mandriva.com/security/advisories?name=MDKSA-2004:085 http://www.novell.com/linux/security/advisories/2004_27_qt3.html http://www.redhat.com/support/errata/RHSA-2004-414.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17041 https://oval.cisecur •