PublicDate: 2007-09-18 19:17:00 UTC
Candidate: CVE-2007-4137
References:
 https://ubuntu.com/security/notices/USN-513-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137
Description:
 Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3
 allows context-dependent attackers to cause a denial of service (crash) via
 a crafted Unicode string that triggers a heap-based buffer overflow.  NOTE:
 Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but
 it is not exploitable.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: riddell
CVSS: 

upstream_qt-x11-free: released (3.3.9)
dapper_qt-x11-free: released (3.3.6-1ubuntu6.4)
edgy_qt-x11-free: released (3.3.6-3ubuntu3.3)
feisty_qt-x11-free: released (3.3.8really3.3.7-0ubuntu5.2)
devel_qt-x11-free: released (3:3.3.8really3.3.7-0ubuntu11)

upstream_qt4-x11: released (4.3.2)
dapper_qt4-x11: ignored (not vulnerable)
edgy_qt4-x11: ignored (not vulnerable)
feisty_qt4-x11: ignored (not vulnerable)
devel_qt4-x11: released (4.3.1-0ubuntu3)