Vulnerabilities > CVE-2006-4811 - Numeric Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 13 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200703-06.NASL description The remote host is affected by the vulnerability described in GLSA-200703-06 (AMD64 x86 emulation Qt library: Integer overflow) An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well. Impact : By enticing a user to open a specially crafted pixmap image in an application using the AMD64 x86 emulation Qt library, a remote attacker could cause an application crash or the remote execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 24773 published 2007-03-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24773 title GLSA-200703-06 : AMD64 x86 emulation Qt library: Integer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200703-06. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(24773); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2006-4811"); script_xref(name:"GLSA", value:"200703-06"); script_name(english:"GLSA-200703-06 : AMD64 x86 emulation Qt library: Integer overflow"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200703-06 (AMD64 x86 emulation Qt library: Integer overflow) An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well. Impact : By enticing a user to open a specially crafted pixmap image in an application using the AMD64 x86 emulation Qt library, a remote attacker could cause an application crash or the remote execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200611-02" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200703-06" ); script_set_attribute( attribute:"solution", value: "All AMD64 x86 emulation Qt library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-qtlibs-10.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-qtlibs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/03/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/emul-linux-x86-qtlibs", unaffected:make_list("ge 10.0"), vulnerable:make_list("lt 10.0"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "AMD64 x86 emulation Qt library"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0720.NASL description Updated kdelibs packages that correct an integer overflow flaw are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Qt is a GUI software toolkit for the X Window System. An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim. (CVE-2006-4811) Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22880 published 2006-10-20 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22880 title CentOS 3 / 4 : kdelibs (CESA-2006:0720) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-187.NASL description An integer overflow was discovered in the way that Qt handled pixmap images. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using an application that uses Qt (like Konqueror), would cause it to crash or possibly execute arbitrary code with the privileges of the user. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24572 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24572 title Mandrake Linux Security Advisory : qt (MDKSA-2006:187) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0725.NASL description Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. An integer overflow flaw was found in the way Qt handled certain pixmap images. If an application linked against Qt created a pixmap image in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2006-4811) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22940 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22940 title RHEL 2.1 / 3 / 4 : qt (RHSA-2006:0725) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-298-01.NASL description New qt packages are available for Slackware 10.0, 10.1, 10.2, and 11.0 to fix a possible security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24657 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24657 title Slackware 10.0 / 10.1 / 10.2 / 11.0 : qt (SSA:2006-298-01) NASL family SuSE Local Security Checks NASL id SUSE_QT-2187.NASL description Multiple integer overflows have been found in image processing functions within the QT library. These could potentially lead to heap overflows and code execution. (CVE-2006-4811) last seen 2020-06-01 modified 2020-06-02 plugin id 29561 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29561 title SuSE 10 Security Update : Qt (ZYPP Patch Number 2187) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_063.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:063 (Qt). Multiple integer overflows have been found in image processing functions within the Qt class library, used for instance by the web browser last seen 2019-10-28 modified 2007-02-18 plugin id 24441 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24441 title SUSE-SA:2006:063: Qt NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1200.NASL description An integer overflow has been found in the pixmap handling routines in the Qt GUI libraries. This could allow an attacker to cause a denial of service and possibly execute arbitrary code by providing a specially crafted image file and inducing the victim to view it in an application based on Qt. last seen 2020-06-01 modified 2020-06-02 plugin id 22927 published 2006-10-31 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22927 title Debian DSA-1200-1 : qt-x11-free - integer overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-186.NASL description A vulnerability was discovered in the way that Qt handled pixmap images and the KDE khtml library used Qt in such a way that untrusted parameters could be passed to Qt, resulting in an integer overflow. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using Konqueror, would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the user. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24571 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24571 title Mandrake Linux Security Advisory : kdelibs (MDKSA-2006:186) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0725.NASL description From Red Hat Security Advisory 2006:0725 : Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. An integer overflow flaw was found in the way Qt handled certain pixmap images. If an application linked against Qt created a pixmap image in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2006-4811) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67417 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67417 title Oracle Linux 3 / 4 : qt (ELSA-2006-0725) NASL family SuSE Local Security Checks NASL id SUSE_QT-2188.NASL description Multiple integer overflows have been found in image processing functions within the QT library. These could potentially lead to heap overflows and code execution. (CVE-2006-4811) last seen 2020-06-01 modified 2020-06-02 plugin id 27410 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27410 title openSUSE 10 Security Update : qt (qt-2188) NASL family SuSE Local Security Checks NASL id SUSE_QT3-2190.NASL description Multiple integer overflows have been found in image processing functions within the QT library. These could potentially lead to heap overflows and code execution. (CVE-2006-4811) last seen 2020-06-01 modified 2020-06-02 plugin id 29563 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29563 title SuSE 10 Security Update : Qt3 (ZYPP Patch Number 2190) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0720.NASL description From Red Hat Security Advisory 2006:0720 : Updated kdelibs packages that correct an integer overflow flaw are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Qt is a GUI software toolkit for the X Window System. An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim. (CVE-2006-4811) Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67416 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67416 title Oracle Linux 3 / 4 : kdelibs (ELSA-2006-0720) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D8FBF13A621511DBA59E0211D85F11FB.NASL description Red Hat reports : An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim. last seen 2020-06-01 modified 2020-06-02 plugin id 22912 published 2006-10-25 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22912 title FreeBSD : kdelibs -- integer overflow in khtml (d8fbf13a-6215-11db-a59e-0211d85f11fb) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200611-02.NASL description The remote host is affected by the vulnerability described in GLSA-200611-02 (Qt: Integer overflow) An integer overflow flaw has been found in the pixmap handling of Qt. Impact : By enticing a user to open a specially crafted pixmap image in an application using Qt, e.g. Konqueror, a remote attacker could be able to cause an application crash or the execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 23626 published 2006-11-07 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23626 title GLSA-200611-02 : Qt: Integer overflow NASL family SuSE Local Security Checks NASL id SUSE_QT3-2189.NASL description Multiple integer overflows have been found in image processing functions within the QT library. These could potentially lead to heap overflows and code execution. (CVE-2006-4811) last seen 2020-06-01 modified 2020-06-02 plugin id 27412 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27412 title openSUSE 10 Security Update : qt3 (qt3-2189) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0720.NASL description Updated kdelibs packages that correct an integer overflow flaw are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Qt is a GUI software toolkit for the X Window System. An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim. (CVE-2006-4811) Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22896 published 2006-10-20 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22896 title RHEL 2.1 / 3 / 4 : kdelibs (RHSA-2006:0720) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-368-1.NASL description An integer overflow was discovered in Qt last seen 2020-06-01 modified 2020-06-02 plugin id 27948 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27948 title Ubuntu 5.04 / 5.10 / 6.06 LTS : qt-x11-free vulnerability (USN-368-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0725.NASL description Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. An integer overflow flaw was found in the way Qt handled certain pixmap images. If an application linked against Qt created a pixmap image in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2006-4811) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36520 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36520 title CentOS 3 / 4 : qt (CESA-2006:0725)
Oval
| accepted | 2013-04-29T04:03:39.226-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:10218 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. | ||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://www.redhat.com/support/errata/RHSA-2006-0720.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742
- http://www.securityfocus.com/bid/20599
- http://secunia.com/advisories/22479
- http://secunia.com/advisories/22485
- http://secunia.com/advisories/22492
- http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
- http://www.ubuntu.com/usn/usn-368-1
- http://secunia.com/advisories/22380
- http://secunia.com/advisories/22520
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634
- http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html
- http://securitytracker.com/id?1017084
- http://secunia.com/advisories/22397
- http://secunia.com/advisories/22579
- http://secunia.com/advisories/22589
- http://www.us.debian.org/security/2006/dsa-1200
- http://secunia.com/advisories/22645
- https://issues.rpath.com/browse/RPL-723
- http://security.gentoo.org/glsa/glsa-200611-02.xml
- http://www.redhat.com/support/errata/RHSA-2006-0725.html
- http://secunia.com/advisories/22586
- http://secunia.com/advisories/22738
- ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P
- ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
- http://secunia.com/advisories/22890
- http://secunia.com/advisories/22929
- http://security.gentoo.org/glsa/glsa-200703-06.xml
- http://secunia.com/advisories/24347
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:186
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:187
- http://www.vupen.com/english/advisories/2006/4099
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218
- http://www.securityfocus.com/archive/1/449173/100/0/threaded