Debian DSA-542-1 : qt - unsanitised input

NASLDB: Debian DSA-542-1 : qt - unsanitised input

General

ID: 15379
Name: Debian DSA-542-1 : qt – unsanitised input

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Several vulnerabilities were discovered in recent versions of Qt, a
commonly used graphic widget set, used in KDE for example. The first
problem allows an attacker to execute arbitrary code, while the other
two only seem to pose a denial of service danger. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities :

– CAN-2004-0691 :
Chris Evans has discovered a heap-based overflow when
handling 8-bit RLE encoded BMP files.

– CAN-2004-0692 :

Marcus Meissner has discovered a crash condition in the
XPM handling code, which is not yet fixed in Qt 3.3.

– CAN-2004-0693 :

Marcus Meissner has discovered a crash condition in the
GIF handling code, which is not yet fixed in Qt 3.3.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2004-0691
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2004/08/18
Patch Release: 2004/08/30
Plugin Release: 2004/09/29

Plugin

Version: 1.17
Filename: debian_DSA-542.nasl
Filesize: 4447 bytes
MD5 Hash: 5b5931d355aeb322ecc78a0cdf663b22

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG