Security vulnerability in Qt development framework library
Trolltech, producers of the Qt library, have released a source code patch for Qt3 that fixes a security vulnerability. The bugs may lead to execution of arbitrary code when applications that use the cross-platform C++ framework process crafted strings.
The routines for the QTextEdit element contain format string vulnerabilities and integer overflows. These can be triggered when an application linked to Qt issues an error message which incorporates text provided by the user. The bugs affect versions of Qt3 up to and including version 3.3.8. Programs using this version of the library include the KDE Desktop.
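The format string half of the problem, shown as an added example that is not Qt or Trolltech code: an error message containing user text is handed to a printf-style routine as the format itself, next to the corrected call with a constant format. The names log_warning, report_unsafe and report_safe are hypothetical, and the input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a library warning routine that accepts a
 * printf-style format. It writes the formatted message into out. */
static int log_warning(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: the message that already contains user text is passed
 * as the format, so every '%' directive in it is interpreted. */
int report_unsafe(char *out, size_t cap, const char *user_text)
{
    char msg[256];
    snprintf(msg, sizeof msg, "cannot parse: %s", user_text);
    return log_warning(out, cap, msg);            /* msg is the format */
}

/* Corrected pattern: the format is a constant and the user text is only
 * ever an argument, so it is copied verbatim. */
int report_safe(char *out, size_t cap, const char *user_text)
{
    return log_warning(out, cap, "cannot parse: %s", user_text);
}

int main(void)
{
    /* Constructed input. "%%" is a harmless directive, which is enough
     * to show whether the formatter interprets the user's text. */
    const char *input = "50%% done";
    char a[128], b[128];

    report_unsafe(a, sizeof a, input);
    report_safe(b, sizeof b, input);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The two outputs differ because only the flawed call lets the formatter parse the user's text. Building with -Wformat -Wformat-security flags the pattern when the logging routine is declared with the compiler's printf format attribute.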
Red Hat has already released an updated package, and other Linux distributors are likely to follow suit shortly. Users should install the updated packages as soon as they become available.
- qt security update, security advisory from Red Hat
- Trolltech Provides Security Patch to Qt 3.3.8, Addressing Potential Vulnerability, security advisory from Trolltech
- Source code patch from Trolltech
(mba)