Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2004:085: qt3


Vulnerability Assessment Details

MDKSA-2004:085: qt3

Vulnerability Assessment Summary
Check for the version of the qt3 package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2004:085 (qt3).


Chris Evans discovered a heap-based overflow in the QT library when handling
8-bit RLE encoded BMP files. This vulnerability could permit for the compromise
of the account used to view or browse malicious BMP files. On subsequent
investigation, it was also found that the handlers for XPM, GIF, and JPEG image
types were also faulty.
These problems affect all applications that use QT to handle image files, such
as QT-based image viewers, the Konqueror web browser, and others.
The updated packages have been patched to correct these problems.


Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:085
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Pentium 2 CPU Bracket - New in plastic bag
$5.99
Pentium 2 CPU Bracket - New in plastic bag pictureIntel Core i5-4570 SR14E 3.20GHz 6MB SmartCache Quad Core Processors
$115.0
Intel Core i5-4570 SR14E 3.20GHz 6MB SmartCache Quad Core Processors pictureIntel Core i3-3220 3.3GHz Dual-Core Processor
$31.0
Intel Core i3-3220 3.3GHz Dual-Core Processor pictureP4VXMS - ECS Elitegroup Motherboard P4 S423 CPU - New in Box
$9.99
P4VXMS - ECS Elitegroup Motherboard P4 S423 CPU - New in Box picture


Discussions

No Discussions have been posted on this vulnerability.