17 September 2007, 10:37
Trolltech fixes vulnerability in Qt libraries
Trolltech, producer of the cross-platform C++ framework Qt, has released a source code patch for the Qt3 and Qt4 libraries, which fixes a vulnerability in the QUtf8Decoder. The "off-by-one" error when processing Unicode strings can be exploited in Qt3 to crash affected applications or possibly to inject malicious code through a single byte heap overflow.
Although the bug is present in all versions of Qt3 and Qt4, in Qt4 it cannot be used to develop an exploit. A patch for this bug should be included in the forthcoming bug fix release for Qt4. Red Hat has been distributing an updated patch since Friday.
(mba)
Print Version | Send by email
| Permalink: http://h-online.com/-733664
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
