qt4
Page content
- Author: voroskoi
- Vulnerable: 4.2.3-2terminus1
- Unaffected: 4.2.3-2terminus2
A vulnerability has been reported in Qt, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise an application using the library. The vulnerability is caused due to an off-by-one error within the “QUtf8Decoder::toUnicode()” function (“QUtf8Codec::convertToUnicode()” in Qt 4.x) in codecs/qutfcodec.cpp. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted unicode string.
- Bug Tracker URL: http://bugs.frugalware.org/task/2422