In association with heise online

01 August 2007, 13:43

Security vulnerability in Qt development framework library

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Trolltech, producers of the Qt library, have released a source code patch for Qt3, which fixes a security vulnerability. Bugs may lead to execution of arbitrary code during processing of crafted strings by applications which use the cross-platform C++ framework.

The routines for the QTextEdit element contain format string vulnerabilities and integer overflows. These can be triggered when an application linked to Qt issues an error message which incorporates text provided by the user. The bugs affect versions of Qt3 up to and including version 3.3.8. Programs using this version of the library include the KDE Desktop.

Red Hat has already released an updated package, and other Linux distributors are likely to follow suit shortly. Users should install the updated packages as soon as they become available.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit