cbcvebase.
CVE-2007-4137
published 2007-09-18

Priority P430 high, 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS 2.34% (81.5th percentile)
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Affected

23 ranges
Vendor: trolltech
Product: qt

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat: 7.5 HIGH