CVE-2007-4137: Buffer Overflow
Dirk Mueller reported an off-by-one buffer overflow flaw in the way Qt parses certain Unicode strings.
To quote Dirk:
I've found an off-by-one buffer overflow in QUtf8Decoder::toUnicode(). It is not exploitable with Qt 4.x or above because there is an additional QChar(0) being allocated in QString; however, it is still a bug there, as the array returned by utf16() etc. is no longer terminated properly.
Other sources
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.
— MITRE
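The decoder flaw described above is a missing bound on the output side of a UTF-8 to UTF-16 conversion: one code unit (here, the terminator) lands past the space accounted for. The following is an added illustration, not Qt's code, of a decoder that checks capacity before every write, terminator included, and rejects malformed input instead of overrunning; the function names and the constructed test strings are assumptions of this example.

```c
/* Added illustration (not Qt's QUtf8Decoder): bounds-checked UTF-8 -> UTF-16.
 * Every write into the output array, including the final 0, is checked
 * against the capacity first, which is the check an output off-by-one lacks. */
#include <stddef.h>
#include <stdint.h>

/* Emit one UTF-16 code unit if there is room; otherwise refuse (no write). */
static int put16(uint16_t *out, size_t cap, size_t *n, uint16_t u)
{
    if (*n >= cap) return 0;      /* no room: never write past the end */
    out[(*n)++] = u;
    return 1;
}

/* Decode inlen bytes of UTF-8 into out (cap = capacity in code units, the
 * terminator included). Returns the number of code units written excluding
 * the terminator, or -1 if input is malformed or output would not fit. */
long utf8_to_utf16(const uint8_t *in, size_t inlen, uint16_t *out, size_t cap)
{
    size_t i = 0, n = 0;
    while (i < inlen) {
        uint32_t cp; size_t len;
        uint8_t b = in[i];
        if (b < 0x80)      { cp = b;        len = 1; }
        else if (b < 0xC2) return -1;            /* stray continuation / overlong lead */
        else if (b < 0xE0) { cp = b & 0x1F; len = 2; }
        else if (b < 0xF0) { cp = b & 0x0F; len = 3; }
        else if (b < 0xF5) { cp = b & 0x07; len = 4; }
        else return -1;
        if (i + len > inlen) return -1;          /* truncated sequence */
        for (size_t k = 1; k < len; k++) {
            if ((in[i + k] & 0xC0) != 0x80) return -1;
            cp = (cp << 6) | (in[i + k] & 0x3F);
        }
        i += len;
        if ((len == 3 && cp < 0x800) || (len == 4 && cp < 0x10000) ||
            cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
        if (cp < 0x10000) {
            if (!put16(out, cap, &n, (uint16_t)cp)) return -1;
        } else {                                  /* surrogate pair: two units */
            cp -= 0x10000;
            if (!put16(out, cap, &n, (uint16_t)(0xD800 | (cp >> 10)))) return -1;
            if (!put16(out, cap, &n, (uint16_t)(0xDC00 | (cp & 0x3FF)))) return -1;
        }
    }
    if (!put16(out, cap, &n, 0)) return -1;   /* terminator counts against cap */
    return (long)(n - 1);
}
```

A caller that sizes the buffer as (UTF-8 byte count + 1) code units always has room, since no UTF-8 sequence expands to more UTF-16 units than it has bytes.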
Frequently Asked Questions
What is the severity of CVE-2007-4137?
CVE-2007-4137 is classified as a buffer overflow vulnerability that can lead to application crashes (denial of service).
How do I fix CVE-2007-4137?
To fix CVE-2007-4137, update Qt to version 4.x or later, where the flaw is not exploitable because QString allocates an additional QChar(0); note that Qt 4 still contains the same off-by-one in QUtf8Codec::convertToUnicode.
Which software is affected by CVE-2007-4137?
CVE-2007-4137 affects older versions of the Qt library, particularly versions prior to 4.0.
Can CVE-2007-4137 be exploited remotely?
CVE-2007-4137 is not known to be easily exploitable remotely; it affects local applications that process malformed input.
What platforms are impacted by CVE-2007-4137?
CVE-2007-4137 impacts various Linux distributions that utilize the affected versions of Qt.