Ubuntu Security Notice 1504-1 - It was discovered that Qt did not properly handle wildcard domain names or IP addresses in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 10.04 LTS. A heap-based buffer overflow was discovered in the HarfBuzz module. If a user were tricked into opening a crafted font file in a Qt application, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
38f8026f04706275efcfb7cc11205b775caa2dd43f788cbc9c811568afc13863Gentoo Linux Security Advisory 201206-2 - A buffer overflow in QtGui could result in execution of arbitrary code or Denial of Service. Versions less than 4.7.4-r1 are affected.
3e8fe99c5b4cd12ef5e54050c573dfb17c9be459a9ae7b4a445a8accc9356713Red Hat Security Advisory 2011-1323-01 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
2b4e351ecf7b1e04b2a289d89c0a98e84a8bc39de3fd6f4dd885d4a0e30e59c4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed