CVE-2007-3388

Description

Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.

6.8

CVSS

Severity: Medium

CVSS 2.0 •

EPSS 7.02% Top 10%

Vendor Advisory gentoo.org Vendor Advisory ubuntu.com Vendor Advisory novell.com Vendor Advisory mandriva.com Vendor Advisory gentoo.org Vendor Advisory fedoranews.org Vendor Advisory fedoranews.org Vendor Advisory sgi.com Vendor Advisory gentoo.org Vendor Advisory redhat.com Vendor Advisory slackware.org Vendor Advisory debian.org Vendor Advisory secunia.com

Affected: n/a n/a

References

Link	Tags
https://issues.rpath.com/browse/RPL-1597
http://securitytracker.com/id?1018485	vdb entry patch
http://secunia.com/advisories/26385	third party advisory
http://trolltech.com/company/newsroom/announcements/press.2007-07-27.7503755960	patch
http://secunia.com/advisories/26298	third party advisory patch
http://www.gentoo.org/security/en/glsa/glsa-200710-28.xml	vendor advisory
http://www.ubuntu.com/usn/usn-495-1	vendor advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-388.htm
http://www.vupen.com/english/advisories/2007/2733	vdb entry
http://www.novell.com/linux/security/advisories/2007_48_qt3.html	vendor advisory
http://secunia.com/advisories/26284	third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:151	vendor advisory
http://secunia.com/advisories/27996	third party advisory
http://dist.trolltech.com/developer/download/170529.diff
http://secunia.com/advisories/26882	third party advisory
http://secunia.com/advisories/26607	third party advisory
http://secunia.com/advisories/26264	third party advisory
http://www.gentoo.org/security/en/glsa/glsa-200708-16.xml	vendor advisory
http://secunia.com/advisories/26291	third party advisory
http://secunia.com/advisories/24460	third party advisory
http://secunia.com/advisories/26306	third party advisory
http://secunia.com/advisories/26804	third party advisory
http://www.securityfocus.com/bid/25154	vdb entry patch
http://www.securityfocus.com/archive/1/475480/30/5550/threaded	mailing list
http://secunia.com/advisories/26852	third party advisory
http://bugs.gentoo.org/show_bug.cgi?id=185446
http://fedoranews.org/updates/FEDORA-2007-703.shtml	vendor advisory
http://fedoranews.org/updates/FEDORA-2007-221.shtml	vendor advisory
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc	vendor advisory
http://security.gentoo.org/glsa/glsa-200712-08.xml	vendor advisory
http://secunia.com/advisories/28021	third party advisory
http://www.redhat.com/support/errata/RHSA-2007-0721.html	vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9690	vdb entry signature
http://secunia.com/advisories/26295	third party advisory vendor advisory
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.354168	vendor advisory
http://www.debian.org/security/2007/dsa-1426	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2007-3388?: CVE-2007-3388 has been scored as a medium severity vulnerability.
How to fix CVE-2007-3388?: To fix CVE-2007-3388, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2007-3388 being actively exploited in the wild?: It is possible that CVE-2007-3388 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~7% probability that this vulnerability will be exploited by malicious actors in the next 30 days.