CVE-2006-4811

Summary

CVE	CVE-2006-4811
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-10-18 17:07:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.

Risk And Classification

Primary CVSS: v2.0 6.8 from [email protected]

AV:N/AC:M/Au:N/C:P/I:P/A:P

Problem Types: CWE-189 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Qt	Qt	3.3.0	All	All	All
Application	Qt	Qt	3.3.1	All	All	All
Application	Qt	Qt	3.3.2	All	All	All
Application	Qt	Qt	3.3.3	All	All	All
Application	Qt	Qt	3.3.4	All	All	All
Application	Qt	Qt	3.3.5	All	All	All
Application	Qt	Qt	3.3.6	All	All	All
Application	Qt	Qt	4.1.0	All	All	All
Application	Qt	Qt	4.1.1	All	All	All
Application	Qt	Qt	4.1.2	All	All	All
Application	Qt	Qt	4.1.3	All	All	All
Application	Qt	Qt	4.1.4	All	All	All
Application	Qt	Qt	4.2.0	All	All	All
Application	Redhat	Kdelibs	3.1.3	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-1200-1 qt-x11-free	af854a3a-2127-422b-91ae-364da2661108	www.us.debian.org
SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Gentoo update for emul-linux-x86-qtlibs - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Advisories - Mandriva Linux	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
The Slackware Linux Project: Slackware Security Advisories	af854a3a-2127-422b-91ae-364da2661108	slackware.com
Security Advisory SA22579 - Mandriva update for Qt - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Ubuntu update for Qt - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
Gentoo update for qt - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Gentoo Linux Documentation -- Qt: Integer overflow	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Vendor Advisory
SUSE update for Qt - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
rPath update for kdelibs and qt-x11-free - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
Trolltech Releases Qt 3.3.7, 4.1.5 and 4.2.1, Addressing Security Issue — Trolltech	af854a3a-2127-422b-91ae-364da2661108	www.trolltech.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
patches.sgi.com/support/free/security/advisories/20061002-01-P	af854a3a-2127-422b-91ae-364da2661108	patches.sgi.com
Trolltech QT Pixmap Images Integer Overflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
[#RPL-723] qt and kdelibs integer overflow - rPath JIRA	af854a3a-2127-422b-91ae-364da2661108	issues.rpath.com
Object not found!	af854a3a-2127-422b-91ae-364da2661108	lists.suse.com
Slackware update for Qt - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
usn/usn-368-1 - Ubuntu: Linux for human beings	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com	Patch
Red Hat update for kdelibs - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
Red Hat update for qt - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Patch, Vendor Advisory
210742 – CVE-2006-4811 qt integer overflow	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
KDE Konqueror Integer Overflow in Processing Pixmap Images May Let Remote Users Execute Arbitrary Code - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Vendor Advisory
Advisories - Mandriva Linux	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Gentoo Linux Documentation -- AMD64 x86 emulation Qt library: Integer overflow	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
patches.sgi.com/support/free/security/advisories/20061101-01-P	af854a3a-2127-422b-91ae-364da2661108	patches.sgi.com
SGI Advanced Linux Environment Update for kdelibs - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Qt Pixmap Image Handling Integer Overflow Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
Debian update for qt-x11-free - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Mandriva update for kdelibs - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-03-14	Mark J Cox	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

There are currently no legacy QID mappings associated with this CVE.