High Nessus Plugin ID 14322
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static).
The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE.
There is a heap overflow in the BMP image format parser. An attacker, exploiting this flaw, would need to be able to coerce a local user or program to process a specially crafted image file. Upon successful exploitation, the attacker would be able to execute arbitrary code.
In addition, there are 2 distinct flaws within the XPM parser which, when exploited, lead to a Denial of Service (DoS).