CVE - CVE-2007-3388

CVE-ID
CVE-2007-3388	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070803 FLEA-2007-0042-1 qt URL:http://www.securityfocus.com/archive/1/archive/1/475480/30/5550/threaded CONFIRM:http://dist.trolltech.com/developer/download/170529.diff CONFIRM:http://trolltech.com/company/newsroom/announcements/press.2007-07-27.7503755960 CONFIRM:https://issues.rpath.com/browse/RPL-1597 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-388.htm CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=185446 DEBIAN:DSA-1426 URL:http://www.debian.org/security/2007/dsa-1426 FEDORA:FEDORA-2007-2216 URL:http://fedoranews.org/updates/FEDORA-2007-221.shtml FEDORA:FEDORA-2007-703 URL:http://fedoranews.org/updates/FEDORA-2007-703.shtml GENTOO:GLSA-200708-16 URL:http://www.gentoo.org/security/en/glsa/glsa-200708-16.xml GENTOO:GLSA-200710-28 URL:http://www.gentoo.org/security/en/glsa/glsa-200710-28.xml GENTOO:GLSA-200712-08 URL:http://security.gentoo.org/glsa/glsa-200712-08.xml MANDRIVA:MDKSA-2007:151 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:151 REDHAT:RHSA-2007:0721 URL:http://www.redhat.com/support/errata/RHSA-2007-0721.html SGI:20070801-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc SLACKWARE:SSA:2007-222-03 URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.354168 SUSE:SUSE-SA:2007:048 URL:http://www.novell.com/linux/security/advisories/2007_48_qt3.html UBUNTU:USN-495-1 URL:http://www.ubuntu.com/usn/usn-495-1 BID:25154 URL:http://www.securityfocus.com/bid/25154 OVAL:oval:org.mitre.oval:def:9690 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9690 VUPEN:ADV-2007-2733 URL:http://www.vupen.com/english/advisories/2007/2733 SECTRACK:1018485 URL:http://securitytracker.com/id?1018485 SECUNIA:26295 URL:http://secunia.com/advisories/26295 SECUNIA:26298 URL:http://secunia.com/advisories/26298 SECUNIA:26264 URL:http://secunia.com/advisories/26264 SECUNIA:26284 URL:http://secunia.com/advisories/26284 SECUNIA:26291 URL:http://secunia.com/advisories/26291 SECUNIA:26306 URL:http://secunia.com/advisories/26306 SECUNIA:26385 URL:http://secunia.com/advisories/26385 SECUNIA:24460 URL:http://secunia.com/advisories/24460 SECUNIA:26607 URL:http://secunia.com/advisories/26607 SECUNIA:26852 URL:http://secunia.com/advisories/26852 SECUNIA:26804 URL:http://secunia.com/advisories/26804 SECUNIA:26882 URL:http://secunia.com/advisories/26882 SECUNIA:27996 URL:http://secunia.com/advisories/27996 SECUNIA:28021 URL:http://secunia.com/advisories/28021
Assigning CNA
N/A
Date Entry Created
20070625	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070625)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us