• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Trolltech QT Pixmap Images Integer Overflow Vulnerability

Severity: HIGH

Description:

Trolltech Qt is an application-development framework for the KDE desktop system. It supports windowing, multimedia, and other functionality.

Qt is prone to an integer-overflow vulnerability because the library fails to properly bounds-check user-supplied input.

The problem occurs when Qt handles specially malformed pixmap images. Specifically, the KDE khtml library uses Qt with improperly verified data that could trigger an integer overflow. A possible exploit vector could be a malicious web page viewed through Konqueror.

An attacker can exploit this vulnerability to execute arbitrary code in the context of affected applications, such as Konqueror and Kmail; other applications may also be vulnerable. Failed exploit attempts will likely cause denial-of-service conditions.

Affected Products:

• Conectiva Linux 10.0.0
• Conectiva Linux 9.0.0
• Debian Linux 2.2.0
• Debian Linux 2.2.0 68k
• Debian Linux 2.2.0 IA-32
• Debian Linux 2.2.0 alpha
• Debian Linux 2.2.0 arm
• Debian Linux 2.2.0 powerpc
• Debian Linux 2.2.0 sparc
• Debian Linux 3.0.0
• Debian Linux 3.0.0 alpha
• Debian Linux 3.0.0 arm
• Debian Linux 3.0.0 hppa
• Debian Linux 3.0.0 ia-32
• Debian Linux 3.0.0 ia-64
• Debian Linux 3.0.0 m68k
• Debian Linux 3.0.0 mips
• Debian Linux 3.0.0 mipsel
• Debian Linux 3.0.0 ppc
• Debian Linux 3.0.0 s/390
• Debian Linux 3.0.0 sparc
• Debian Linux 3.1.0
• Debian Linux 3.1.0 alpha
• Debian Linux 3.1.0 amd64
• Debian Linux 3.1.0 arm
• Debian Linux 3.1.0 hppa
• Debian Linux 3.1.0 ia-32
• Debian Linux 3.1.0 ia-64
• Debian Linux 3.1.0 m68k
• Debian Linux 3.1.0 mips
• Debian Linux 3.1.0 mipsel
• Debian Linux 3.1.0 ppc
• Debian Linux 3.1.0 s/390
• Debian Linux 3.1.0 sparc
• Gentoo Linux
• KDE KDE 2.2.2
• KDE KDE 3.1.3
• KDE KDE 3.3.1
• KDE kdelibs 3.5.4
• Linux kernel 2.4.19
• Linux kernel 2.4.21
• Linux kernel 2.6.5
• MandrakeSoft Corporate Server 3.0.0
• MandrakeSoft Corporate Server 3.0.0 x86_64
• MandrakeSoft Corporate Server 4.0
• MandrakeSoft Corporate Server 4.0.0 x86_64
• MandrakeSoft Linux Mandrake 10.0.0
• MandrakeSoft Linux Mandrake 10.0.0 amd64
• MandrakeSoft Linux Mandrake 2006.0.0
• MandrakeSoft Linux Mandrake 2006.0.0 x86_64
• MandrakeSoft Linux Mandrake 2007.0
• MandrakeSoft Linux Mandrake 2007.0 x86_64
• MandrakeSoft Linux Mandrake 8.1.0
• MandrakeSoft Linux Mandrake 8.1.0 ia64
• MandrakeSoft Linux Mandrake 8.2.0
• MandrakeSoft Linux Mandrake 8.2.0 ppc
• MandrakeSoft Linux Mandrake 9.2.0
• MandrakeSoft Linux Mandrake 9.2.0 amd64
• RedHat Advanced Workstation for the Itanium Processor 2.1.0
• RedHat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• RedHat Desktop 3.0.0
• RedHat Desktop 4.0.0
• RedHat Enterprise Linux AS 2.1
• RedHat Enterprise Linux AS 2.1 IA64
• RedHat Enterprise Linux AS 3
• RedHat Enterprise Linux AS 4
• RedHat Enterprise Linux ES 2.1
• RedHat Enterprise Linux ES 2.1 IA64
• RedHat Enterprise Linux ES 3
• RedHat Enterprise Linux ES 4
• RedHat Enterprise Linux WS 2.1
• RedHat Enterprise Linux WS 2.1 IA64
• RedHat Enterprise Linux WS 3
• RedHat Enterprise Linux WS 4
• RedHat Fedora Core3
• RedHat Fedora Core5
• RedHat Fedora Core6
• RedHat Linux 7.1.0 i386
• RedHat Linux 7.2.0 i386
• RedHat Linux 7.2.0 ia64
• RedHat Linux Advanced Work Station 2.1.0
• S.u.S.E. Linux Desktop 1.0.0
• S.u.S.E. Linux Enterprise SDK 10
• S.u.S.E. Linux Enterprise Server 8
• S.u.S.E. Linux Enterprise Server 9
• S.u.S.E. Linux Personal 10.0.0 OSS
• S.u.S.E. Linux Personal 10.1
• S.u.S.E. Linux Personal 9.2.0
• S.u.S.E. Linux Personal 9.2.0 x86_64
• S.u.S.E. Linux Personal 9.3.0
• S.u.S.E. Linux Personal 9.3.0 x86_64
• S.u.S.E. Linux Professional 10.0.0
• S.u.S.E. Linux Professional 10.0.0 OSS
• S.u.S.E. Linux Professional 10.1
• S.u.S.E. Linux Professional 9.2.0
• S.u.S.E. Linux Professional 9.2.0 x86_64
• S.u.S.E. Linux Professional 9.3.0
• S.u.S.E. Linux Professional 9.3.0 x86_64
• S.u.S.E. Novell Linux Desktop 1.0.0
• S.u.S.E. Novell Linux Desktop 9
• S.u.S.E. Novell Linux Desktop 9.0.0
• S.u.S.E. Novell Linux POS 9
• S.u.S.E. Open-Enterprise-Server
• S.u.S.E. SLE SDK 10
• S.u.S.E. SLE SDK 9
• S.u.S.E. SUSE LINUX Retail Solution 8.0.0
• S.u.S.E. SUSE Linux Enterprise Desktop 10
• S.u.S.E. SUSE Linux Enterprise Server 10
• S.u.S.E. SuSE Linux Openexchange Server 4.0.0
• S.u.S.E. SuSE Linux School Server for i386
• S.u.S.E. SuSE Linux Standard Server 8.0.0
• S.u.S.E. UnitedLinux 1.0.0
• SGI ProPack 3.0.0 SP6
• Slackware Linux 10.0.0
• Slackware Linux 10.1.0
• Slackware Linux 10.2.0
• Slackware Linux 11.0
• Sun Linux 5.0.5
• Sun Linux 5.0.6
• Sun Linux 5.0.7
• Trolltech Qt 2.3.1
• Trolltech Qt 3.0.0
• Trolltech Qt 3.0.3
• Trolltech Qt 3.0.5
• Trolltech Qt 3.1.0
• Trolltech Qt 3.1.1
• Trolltech Qt 3.1.2
• Trolltech Qt 3.2.1
• Trolltech Qt 3.2.3
• Trolltech Qt 3.3.0 .0
• Trolltech Qt 3.3.1
• Trolltech Qt 3.3.2
• Trolltech Qt 3.3.3
• Trolltech Qt 3.3.4
• Trolltech Qt 3.3.5
• Trolltech Qt 3.3.6
• Trolltech Qt 4.0.1
• Trolltech Qt 4.1
• Trolltech Qt 4.1.0
• Trolltech Qt 4.2
• Turbolinux Turbolinux FUJI
• Ubuntu Ubuntu Linux 5.0.0 4 amd64
• Ubuntu Ubuntu Linux 5.0.0 4 i386
• Ubuntu Ubuntu Linux 5.0.0 4 powerpc
• Ubuntu Ubuntu Linux 5.10.0 amd64
• Ubuntu Ubuntu Linux 5.10.0 i386
• Ubuntu Ubuntu Linux 5.10.0 powerpc
• Ubuntu Ubuntu Linux 5.10.0 sparc
• Ubuntu Ubuntu Linux 6.06 LTS amd64
• Ubuntu Ubuntu Linux 6.06 LTS i386
• Ubuntu Ubuntu Linux 6.06 LTS powerpc
• Ubuntu Ubuntu Linux 6.06 LTS sparc
• rPath rPath Linux 1

References:

• CVE: CVE-2006-4811
• KDE: KDE Home Page
• Red Hat: Bugzilla Bug 210742: CVE-2006-4811 qt integer overflow
• Red Hat: RHSA-2006:0720-5 - kdelibs security update
• Red Hat: RHSA-2006:0725-3 - qt security update
• Trolltech: QT Home Page
• Trolltech: Trolltech Releases Qt 3.3.7, 4.1.5 and 4.2.1, Addressing Security Issue

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.