NVD脆弱性詳細

CVE-2006-4811

概要	Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
公表日	2006年10月19日2:07
登録日	2021年1月29日15:45
最終更新日	2021年6月16日21:43

CVSS2.0 : MEDIUM
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:qt:qt:3.3.5:::::::*
cpe:2.3:a:qt:qt:3.3.6:::::::*
cpe:2.3:a:qt:qt:3.3.3:::::::*
cpe:2.3:a:qt:qt:3.3.4:::::::*
cpe:2.3:a:qt:qt:4.1.0:::::::*
cpe:2.3:a:qt:qt:4.2.0:::::::*
cpe:2.3:a:qt:qt:3.3.1:::::::*
cpe:2.3:a:qt:qt:3.3.2:::::::*
cpe:2.3:a:qt:qt:4.1.2:::::::*
cpe:2.3:a:qt:qt:4.1.1:::::::*
cpe:2.3:a:redhat:kdelibs:3.1.3:::::::*
cpe:2.3:a:qt:qt:3.3.0:::::::*
cpe:2.3:a:qt:qt:4.1.4:::::::*
cpe:2.3:a:qt:qt:4.1.3:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://www.redhat.com/support/errata/RHSA-2006-0720.html	REDHAT	Patch Vendor Advisory
2	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742	CONFIRM
3	http://www.securityfocus.com/bid/20599	BID
4	http://secunia.com/advisories/22479	SECUNIA	Patch Vendor Advisory
5	http://secunia.com/advisories/22485	SECUNIA	Patch Vendor Advisory
6	http://secunia.com/advisories/22492	SECUNIA	Patch Vendor Advisory
7	http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733	CONFIRM
8	http://www.ubuntu.com/usn/usn-368-1	UBUNTU	Patch
9	http://secunia.com/advisories/22380	SECUNIA	Patch Vendor Advisory
10	http://secunia.com/advisories/22520	SECUNIA	Patch Vendor Advisory
11	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634	SLACKWARE
12	http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html	SUSE
13	http://securitytracker.com/id?1017084	SECTRACK
14	http://secunia.com/advisories/22397	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/22579	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/22589	SECUNIA	Vendor Advisory
17	http://www.us.debian.org/security/2006/dsa-1200	DEBIAN
18	http://secunia.com/advisories/22645	SECUNIA	Vendor Advisory
19	https://issues.rpath.com/browse/RPL-723	CONFIRM
20	http://security.gentoo.org/glsa/glsa-200611-02.xml	GENTOO
21	http://www.redhat.com/support/errata/RHSA-2006-0725.html	REDHAT	Vendor Advisory
22	http://secunia.com/advisories/22586	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/22738	SECUNIA	Vendor Advisory
24	ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P	SGI
25	ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P	SGI
26	http://secunia.com/advisories/22890	SECUNIA	Vendor Advisory
27	http://secunia.com/advisories/22929	SECUNIA	Vendor Advisory
28	http://security.gentoo.org/glsa/glsa-200703-06.xml	GENTOO
29	http://secunia.com/advisories/24347	SECUNIA	Vendor Advisory
30	http://www.mandriva.com/security/advisories?name=MDKSA-2006:186	MANDRIVA
31	http://www.mandriva.com/security/advisories?name=MDKSA-2006:187	MANDRIVA
32	http://www.vupen.com/english/advisories/2006/4099	VUPEN	Vendor Advisory
33	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218	OVAL
34	http://www.securityfocus.com/archive/1/449173/100/0/threaded	BUGTRAQ

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

構成1	以上	以下	より上	未満
cpe:2.3:a:qt:qt:3.3.5:::::::*
cpe:2.3:a:qt:qt:3.3.6:::::::*
cpe:2.3:a:qt:qt:3.3.3:::::::*
cpe:2.3:a:qt:qt:3.3.4:::::::*
cpe:2.3:a:qt:qt:4.1.0:::::::*
cpe:2.3:a:qt:qt:4.2.0:::::::*
cpe:2.3:a:qt:qt:3.3.1:::::::*
cpe:2.3:a:qt:qt:3.3.2:::::::*
cpe:2.3:a:qt:qt:4.1.2:::::::*
cpe:2.3:a:qt:qt:4.1.1:::::::*
cpe:2.3:a:redhat:kdelibs:3.1.3:::::::*
cpe:2.3:a:qt:qt:3.3.0:::::::*
cpe:2.3:a:qt:qt:4.1.4:::::::*
cpe:2.3:a:qt:qt:4.1.3:::::::*