ID CVE-2007-3388
Summary Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
References
Vulnerable Configurations
  • cpe:2.3:a:trolltech:qt:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 16-10-2018 - 16:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:21:22.685-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
family unix
id oval:org.mitre.oval:def:9690
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
version 30
redhat via4
advisories
bugzilla
id 248417
title CVE-2007-3388 qt3 format string flaw
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment qt is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721001
        • comment qt is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725002
      • AND
        • comment qt-MySQL is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721003
        • comment qt-MySQL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725004
      • AND
        • comment qt-ODBC is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721005
        • comment qt-ODBC is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725006
      • AND
        • comment qt-PostgreSQL is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721007
        • comment qt-PostgreSQL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725008
      • AND
        • comment qt-config is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721009
        • comment qt-config is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725010
      • AND
        • comment qt-designer is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721011
        • comment qt-designer is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725012
      • AND
        • comment qt-devel is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721013
        • comment qt-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725014
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment qt is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721016
        • comment qt is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721017
      • AND
        • comment qt-MySQL is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721018
        • comment qt-MySQL is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721019
      • AND
        • comment qt-ODBC is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721020
        • comment qt-ODBC is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721021
      • AND
        • comment qt-PostgreSQL is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721022
        • comment qt-PostgreSQL is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721023
      • AND
        • comment qt-config is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721024
        • comment qt-config is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721025
      • AND
        • comment qt-designer is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721026
        • comment qt-designer is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721027
      • AND
        • comment qt-devel is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721028
        • comment qt-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721029
      • AND
        • comment qt-devel-docs is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721030
        • comment qt-devel-docs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721031
rhsa
id RHSA-2007:0721
released 2007-07-31
severity Moderate
title RHSA-2007:0721: qt security update (Moderate)
rpms
  • qt-1:3.1.2-16.RHEL3
  • qt-1:3.3.3-11.RHEL4
  • qt-1:3.3.6-21.el5
  • qt-MySQL-1:3.1.2-16.RHEL3
  • qt-MySQL-1:3.3.3-11.RHEL4
  • qt-MySQL-1:3.3.6-21.el5
  • qt-ODBC-1:3.1.2-16.RHEL3
  • qt-ODBC-1:3.3.3-11.RHEL4
  • qt-ODBC-1:3.3.6-21.el5
  • qt-PostgreSQL-1:3.3.3-11.RHEL4
  • qt-PostgreSQL-1:3.3.6-21.el5
  • qt-config-1:3.1.2-16.RHEL3
  • qt-config-1:3.3.3-11.RHEL4
  • qt-config-1:3.3.6-21.el5
  • qt-debuginfo-1:3.1.2-16.RHEL3
  • qt-debuginfo-1:3.3.3-11.RHEL4
  • qt-debuginfo-1:3.3.6-21.el5
  • qt-designer-1:3.1.2-16.RHEL3
  • qt-designer-1:3.3.3-11.RHEL4
  • qt-designer-1:3.3.6-21.el5
  • qt-devel-1:3.1.2-16.RHEL3
  • qt-devel-1:3.3.3-11.RHEL4
  • qt-devel-1:3.3.6-21.el5
  • qt-devel-docs-1:3.3.6-21.el5
refmap via4
bid 25154
bugtraq 20070803 FLEA-2007-0042-1 qt
confirm
debian DSA-1426
fedora
  • FEDORA-2007-2216
  • FEDORA-2007-703
gentoo
  • GLSA-200708-16
  • GLSA-200710-28
  • GLSA-200712-08
mandriva MDKSA-2007:151
sectrack 1018485
secunia
  • 24460
  • 26264
  • 26284
  • 26291
  • 26295
  • 26298
  • 26306
  • 26385
  • 26607
  • 26804
  • 26852
  • 26882
  • 27996
  • 28021
sgi 20070801-01-P
slackware SSA:2007-222-03
suse SUSE-SA:2007:048
ubuntu USN-495-1
vupen ADV-2007-2733
Last major update 16-10-2018 - 16:49
Published 03-08-2007 - 20:17
Last modified 16-10-2018 - 16:49