CVE-2006-4811

Summary

CVE	CVE-2006-4811
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-10-18 17:07:00 UTC
Updated	2021-06-16 12:43:00 UTC
Description	Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Digia	Qt	3.3.0	All	All	All
Application	Digia	Qt	3.3.1	All	All	All
Application	Digia	Qt	3.3.2	All	All	All
Application	Digia	Qt	3.3.3	All	All	All
Application	Digia	Qt	3.3.4	All	All	All
Application	Digia	Qt	3.3.5	All	All	All
Application	Digia	Qt	3.3.6	All	All	All
Application	Digia	Qt	4.1.0	All	All	All
Application	Digia	Qt	4.1.1	All	All	All
Application	Digia	Qt	4.1.2	All	All	All
Application	Digia	Qt	4.1.3	All	All	All
Application	Digia	Qt	4.1.4	All	All	All
Application	Digia	Qt	4.2.0	All	All	All
Application	Digia	Qt	3.3.0	All	All	All
Application	Digia	Qt	3.3.1	All	All	All
Application	Digia	Qt	3.3.2	All	All	All
Application	Digia	Qt	3.3.3	All	All	All
Application	Digia	Qt	3.3.4	All	All	All
Application	Digia	Qt	3.3.5	All	All	All
Application	Digia	Qt	3.3.6	All	All	All
Application	Digia	Qt	4.1.0	All	All	All
Application	Digia	Qt	4.1.1	All	All	All
Application	Digia	Qt	4.1.2	All	All	All
Application	Digia	Qt	4.1.3	All	All	All
Application	Digia	Qt	4.1.4	All	All	All
Application	Digia	Qt	4.2.0	All	All	All
Application	Qt	Qt	3.3.0	All	All	All
Application	Qt	Qt	3.3.1	All	All	All
Application	Qt	Qt	3.3.2	All	All	All
Application	Qt	Qt	3.3.3	All	All	All
Application	Qt	Qt	3.3.4	All	All	All
Application	Qt	Qt	3.3.5	All	All	All
Application	Qt	Qt	3.3.6	All	All	All
Application	Qt	Qt	4.1.0	All	All	All
Application	Qt	Qt	4.1.1	All	All	All
Application	Qt	Qt	4.1.2	All	All	All
Application	Qt	Qt	4.1.3	All	All	All
Application	Qt	Qt	4.1.4	All	All	All
Application	Qt	Qt	4.2.0	All	All	All
Application	Redhat	Kdelibs	3.1.3	All	All	All
Application	Redhat	Kdelibs	3.1.3	All	All	All

References

Reference	Source	Link	Tags
Object not found!	SUSE	lists.suse.com
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	slackware.com
Advisories - Mandriva Linux	MANDRIVA	www.mandriva.com
Advisories - Mandriva Linux	MANDRIVA	www.mandriva.com
SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Red Hat update for kdelibs - Secunia.com	SECUNIA	secunia.com	Patch, Vendor Advisory
Ubuntu update for Qt - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
Repository / Oval Repository	OVAL	oval.cisecurity.org
Gentoo update for qt - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Gentoo Linux Documentation -- AMD64 x86 emulation Qt library: Integer overflow	GENTOO	security.gentoo.org
Trolltech Releases Qt 3.3.7, 4.1.5 and 4.2.1, Addressing Security Issue — Trolltech	CONFIRM	www.trolltech.com
Debian -- Security Information -- DSA-1200-1 qt-x11-free	DEBIAN	www.us.debian.org
20061002-01-P	SGI	patches.sgi.com
Debian update for qt-x11-free - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Trolltech QT Pixmap Images Integer Overflow Vulnerability	BID	www.securityfocus.com
Mandriva update for kdelibs - Secunia.com	SECUNIA	secunia.com	Patch, Vendor Advisory
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Patch, Vendor Advisory
[#RPL-723] qt and kdelibs integer overflow - rPath JIRA	CONFIRM	issues.rpath.com
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Vendor Advisory
SUSE update for Qt - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
KDE Konqueror Integer Overflow in Processing Pixmap Images May Let Remote Users Execute Arbitrary Code - SecurityTracker	SECTRACK	securitytracker.com
Webmail - OVH	VUPEN	www.vupen.com	Vendor Advisory
Gentoo Linux Documentation -- Qt: Integer overflow	GENTOO	security.gentoo.org
Slackware update for Qt - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
rPath update for kdelibs and qt-x11-free - Secunia.com	SECUNIA	secunia.com	Patch, Vendor Advisory
Gentoo update for emul-linux-x86-qtlibs - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
SGI Advanced Linux Environment Update for kdelibs - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
210742 – CVE-2006-4811 qt integer overflow	CONFIRM	bugzilla.redhat.com
Qt Pixmap Image Handling Integer Overflow Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Patch, Vendor Advisory
20061101-01-P	SGI	patches.sgi.com
Red Hat update for qt - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
usn/usn-368-1 - Ubuntu: Linux for human beings	UBUNTU	www.ubuntu.com	Patch
Security Advisory SA22579 - Mandriva update for Qt - Secunia	SECUNIA	secunia.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-03-14	Mark J Cox	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

There are currently no legacy QID mappings associated with this CVE.