ubuntu · CVE-2007-4137

Quick triage

Priority: medium Published: 2007-09-18 19:17:00 UTC Updated: 2025-08-04 19:20:54 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2007-4137 medium priority: Ubuntu including 2 source packages (qt-x11-free, qt4-x11), 8 status rows across 4 suites (dapper, edgy, feisty, upstream): released 5, ignored 3.

Description:

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

cvelogic Threat Intelligence