In association with heise online

17 September 2007, 11:37

Trolltech fixes vulnerability in Qt libraries

Trolltech, producer of the cross-platform C++ framework Qt, has released a source code patch for the Qt3 and Qt4 libraries that fixes a vulnerability in the QUtf8Decoder. The "off-by-one" error when processing Unicode strings can be exploited in Qt3 to crash affected applications or possibly to inject malicious code through a single-byte heap overflow.

Although the bug is present in all versions of Qt3 and Qt4, in Qt4 it cannot be used to develop an exploit. A patch for this bug should be included in the forthcoming bug fix release for Qt4. Red Hat has been distributing an updated patch since Friday.

(mba)
