qt4

Page content
  • Author: voroskoi
  • Vulnerable: 4.2.3-1
  • Unaffected: 4.2.3-2terminus1

Andreas Nolden has reported a vulnerability in Qt, which potentially can be exploited to conduct cross-site scripting attacks in applications using the Qt libraries. The vulnerability is caused due to Qt not properly rejecting overly long UTF-8 character sequences. This can be exploited to bypass certain character sanitation mechanisms and allow e.g. the execution of HTML and script code in applications depending on the correct behavior.

CVEs: