SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static

High Nessus Plugin ID 14322


The remote host is missing a vendor-supplied security patch.


The remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static).

The Qt library is an environment for GUI programming and is used in various well-known projects, such as KDE.

There is a heap overflow in the BMP image format parser. To exploit this flaw, an attacker would need to coerce a local user or program into processing a specially crafted image file. Successful exploitation would allow the attacker to execute arbitrary code.

In addition, there are two distinct flaws in the XPM parser which, when exploited, lead to a Denial of Service (DoS).


Plugin Details

Severity: High

ID: 14322

File Name: suse_SA_2004_027.nasl

Version: $Revision: 1.11 $

Agent: unix

Published: 2004/08/20

Modified: 2010/10/06

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2004-0691, CVE-2004-0692, CVE-2004-0693

BID: 10977