SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static

high Nessus Plugin ID 14322

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static).


The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE.

There is a heap overflow in the BMP image format parser. An attacker, exploiting this flaw, would need to be able to coerce a local user or program to process a specially crafted image file. Upon successful exploitation, the attacker would be able to execute arbitrary code.

In addition, there are 2 distinct flaws within the XPM parser which, when exploited, lead to a Denial of Service (DoS).

Solution

http://www.suse.de/security/2004_27_qt3.html

Plugin Details

Severity: High

ID: 14322

File Name: suse_SA_2004_027.nasl

Version: 1.15

Agent: unix

Published: 8/20/2004

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2004-0691, CVE-2004-0692, CVE-2004-0693

BID: 10977