CVE-2011-3194 – qt buffer overflow in greyscale images
https://notcve.org/view.php?id=CVE-2011-3194
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. Desbordamiento de buffer en el lector de TIFF de gui/image/qtiffhandler.cpp de Qt 4.7.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la etiqueta TIFFTAG_SAMPLESPERPIXEL de una imagen en escala de grises TIFF con múltiples muestras por pixel. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html http://rhn.redhat.com/errata/RHSA-2011-1323.html http://rhn.redhat.com/errata/RHSA-2011-1328.html http://secunia.com/advisories/46128 http://secunia.com/advisories/46140 http://secunia.com/advisories/46187 http://secunia.com/advisories/46371 http://secunia.com/advisories • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1766
https://notcve.org/view.php?id=CVE-2010-1766
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. Error de superación de límite en la función WebSocketHandshake::readServerHandshake en websockets/WebSocketHandshake.cpp en WebCore en WebKit anterior a r56380, utilizado en Qt y otros productos, permite a los servidores de websockets remotos provocar una denegación de servicio (corrupción de memoria), o posiblemente tener otro impacto no especificado a través de una cabecera de actualización que es larga e inválida. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40557 http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://trac.webkit.org/changeset/56380 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.ubuntu.com/usn/USN-1006-1 http:/& • CWE-189: Numeric Errors •
CVE-2010-2621 – Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-2621
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. La función QSslSocketBackendPrivate::transmit en src_network_ssl_qsslsocket_openssl.cpp en Qt v4.6.3 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una solicitud mal formada. • https://www.exploit-db.com/exploits/14268 http://aluigi.org/adv/qtsslame-adv.txt http://aluigi.org/poc/qtsslame.zip http://osvdb.org/65860 http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 http://secunia.com/advisories/40389 http://secunia.com/advisories/46410 http://www.securityfocus.com/bid/41250 http://www.vupen.com/english/advisories/2010/1657 https://hermes.opensuse.org/messages/12056605 • CWE-20: Improper Input Validation •
CVE-2009-2700
https://notcve.org/view.php?id=CVE-2009-2700
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. src/network/ssl/qsslcertificate.cpp en Nokia Trolltech Qt v4.x no gestiona adecuadamente el carácter '\0'en un nombre de dominio en el campo Subject Alternative Name field de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación legítima, una cuestión relacionada con CVE-2009-2408. • http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 http://secunia.com/advisories/36536 http://secunia.com/advisories/36702 http://www.mandriva.com/security/advisories?name=MDVSA-2009:225 http://www.securityfocus.com/bid/36203 http://www.ubuntu.com/usn/usn-829-1 http://www.vupen.com/english/advisories/2009/2499 • CWE-20: Improper Input Validation •
CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída) mediante una cadena Unicode manipulada que dispara un desbordamiento de búfer basado en montículo. NOTA: Qt 4 tiene el mismo error en la función QUtf8Codec::convertToUnicode, pero no es explotable. • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=192472 http://dist.trolltech.com/developer/download/175791_3.diff http://dist.trolltech.com/developer/download/175791_4.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://osvdb.org/39384 http://secunia.com/advisories/26778 http://secunia.com/advisories/26782 http://secunia.com/advisories/26804 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •