CVE-2006-4811

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.

El desbordamiento de enteros en el Qt 3.3 versiones anteriores a 3.3.7, 4.1 anteriores a 4.1.5, y 4.2 anteriores a 4.2.1, como el usado en la librería KDE khtml, kdelibs 3.1.3, y, posiblemente otros paquetes, permite a los atacantes remotos causar la denegación de servicio (caída) y la posibilidad de ejecutar código de su elección mediante una imagen pixmap manipulada.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-09-15 CVE Reserved
2006-10-18 CVE Published
2024-04-29 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors

CAPEC

References (36)

URL	Tag	Source
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742	X_refsource_confirm
http://securitytracker.com/id?1017084	Vdb Entry
http://www.securityfocus.com/archive/1/449173/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/20599	Vdb Entry
http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733	X_refsource_confirm
https://issues.rpath.com/browse/RPL-723	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218	Signature

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/22380	2021-06-16
http://secunia.com/advisories/22479	2021-06-16
http://secunia.com/advisories/22485	2021-06-16
http://secunia.com/advisories/22492	2021-06-16
http://secunia.com/advisories/22520	2021-06-16
http://www.redhat.com/support/errata/RHSA-2006-0720.html	2021-06-16
http://www.ubuntu.com/usn/usn-368-1	2021-06-16

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P	2021-06-16
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P	2021-06-16
http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html	2021-06-16
http://secunia.com/advisories/22397	2021-06-16
http://secunia.com/advisories/22579	2021-06-16
http://secunia.com/advisories/22586	2021-06-16
http://secunia.com/advisories/22589	2021-06-16
http://secunia.com/advisories/22645	2021-06-16
http://secunia.com/advisories/22738	2021-06-16
http://secunia.com/advisories/22890	2021-06-16
http://secunia.com/advisories/22929	2021-06-16
http://secunia.com/advisories/24347	2021-06-16
http://security.gentoo.org/glsa/glsa-200611-02.xml	2021-06-16
http://security.gentoo.org/glsa/glsa-200703-06.xml	2021-06-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634	2021-06-16
http://www.mandriva.com/security/advisories?name=MDKSA-2006:186	2021-06-16
http://www.mandriva.com/security/advisories?name=MDKSA-2006:187	2021-06-16
http://www.redhat.com/support/errata/RHSA-2006-0725.html	2021-06-16
http://www.us.debian.org/security/2006/dsa-1200	2021-06-16
http://www.vupen.com/english/advisories/2006/4099	2021-06-16
https://access.redhat.com/security/cve/CVE-2006-4811	2006-11-01
https://bugzilla.redhat.com/show_bug.cgi?id=1618204	2006-11-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				3.3.0 Search vendor "Qt" for product "Qt" and version "3.3.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				3.3.1 Search vendor "Qt" for product "Qt" and version "3.3.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				3.3.2 Search vendor "Qt" for product "Qt" and version "3.3.2"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				3.3.3 Search vendor "Qt" for product "Qt" and version "3.3.3"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				3.3.4 Search vendor "Qt" for product "Qt" and version "3.3.4"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				3.3.5 Search vendor "Qt" for product "Qt" and version "3.3.5"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				3.3.6 Search vendor "Qt" for product "Qt" and version "3.3.6"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.0 Search vendor "Qt" for product "Qt" and version "4.1.0"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.1 Search vendor "Qt" for product "Qt" and version "4.1.1"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.2 Search vendor "Qt" for product "Qt" and version "4.1.2"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.3 Search vendor "Qt" for product "Qt" and version "4.1.3"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.1.4 Search vendor "Qt" for product "Qt" and version "4.1.4"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				4.2.0 Search vendor "Qt" for product "Qt" and version "4.2.0"		-		Affected
Redhat Search vendor "Redhat"		Kdelibs Search vendor "Redhat" for product "Kdelibs"				3.1.3 Search vendor "Redhat" for product "Kdelibs" and version "3.1.3"		-		Affected