
Debian: DSA-1988-1 Critical Risk for qt4-x11 Remote Code Execution

February 2, 2010
Debian's DSA-1988-2 tackles multiple security flaws found in libxml2, reinforcing defenses against possible exploits.

Summary


Several vulnerabilities have been discovered in qt4-x11, a cross-platform
C++ application framework.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, as used in qt4-x11,
allows remote attackers to execute arbitrary code.


CVE-2009-1687

The JavaScript garbage collector in WebKit, as used in qt4-x11, does not
properly handle allocation failures, which allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted HTML document that triggers write
access to an "offset of a NULL pointer."


CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) by setting an unspecified property of
an HTML tag that causes child elements to be freed and later accessed
when an HTML error occurs.


CVE-2009-1698

WebKi...

Read the Full Advisory

Severity
critical
