In association with heise online

19 October 2006, 15:01

Qt bug rips security hole in Konqueror


An integer overflow in the Qt library allows an attacker to inject malicious code via the Konqueror browser, for example through a manipulated website, and execute it with the user's privileges. The khtml library from KDE, which Konqueror uses, passes unchecked parameters to Qt. A prepared Pixmap image can use this to trigger the overflow and exploit the vulnerability.

The vulnerability was discovered by Georgi Guninski. Red Hat is distributing updated packages which remedy the bug. Updates for other Linux distributions should follow shortly.
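The bug class described above, as an added example that is not Qt or KDE code: a buffer size derived from unchecked image dimensions wraps around in 32-bit arithmetic, next to a checked version that rejects such input. The article does not name the affected Qt function, so the function names, the bytes-per-pixel parameter and the `PIXMAP_MAX_DIM` limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed upper bound per dimension; not a value taken from Qt. */
#define PIXMAP_MAX_DIM 32767u

/* Unchecked: 32-bit multiplication wraps silently, so large dimensions
 * yield a small (or zero) byte count and an undersized buffer. */
uint32_t pixmap_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked: validates the dimensions before multiplying.
 * Returns 0 and stores the size in *out, or -1 if the input is rejected. */
int pixmap_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                         size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > PIXMAP_MAX_DIM || height > PIXMAP_MAX_DIM)
        return -1;
    if ((size_t)width > SIZE_MAX / height)
        return -1;
    size_t pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / bpp)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Allocates a zeroed pixel buffer only when the size computation is sound. */
unsigned char *pixmap_alloc(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (pixmap_bytes_checked(width, height, bpp, &n) != 0)
        return NULL;
    return calloc(1, n);
}
```

The caller that parses untrusted image headers has to treat a `NULL` return as a decode failure rather than continuing with the declared dimensions.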
