Unrated severityNVD Advisory· Published Apr 3, 2007· Updated Apr 23, 2026
CVE-2007-0242
CVE-2007-0242
Description
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
36- www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350nvdPatch
- patches.sgi.com/support/free/security/advisories/20070901-01-P.ascnvd
- fedoranews.org/updates/FEDORA-2007-703.shtmlnvd
- rhn.redhat.com/errata/RHSA-2011-1324.htmlnvd
- secunia.com/advisories/24699nvd
- secunia.com/advisories/24705nvd
- secunia.com/advisories/24726nvd
- secunia.com/advisories/24727nvd
- secunia.com/advisories/24759nvd
- secunia.com/advisories/24797nvd
- secunia.com/advisories/24847nvd
- secunia.com/advisories/24889nvd
- secunia.com/advisories/25263nvd
- secunia.com/advisories/26804nvd
- secunia.com/advisories/26857nvd
- secunia.com/advisories/27108nvd
- secunia.com/advisories/27275nvd
- secunia.com/advisories/46117nvd
- slackware.com/security/viewer.phpnvd
- support.avaya.com/elmodocs2/security/ASA-2007-424.htmnvd
- support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.htmlnvd
- support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.htmlnvd
- www.debian.org/security/2007/dsa-1292nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.htmlnvd
- www.novell.com/linux/security/advisories/2007_6_sr.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0883.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0909.htmlnvd
- www.securityfocus.com/bid/23269nvd
- www.ubuntu.com/usn/usn-452-1nvd
- www.vupen.com/english/advisories/2007/1212nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/33397nvd
- issues.rpath.com/browse/RPL-1202nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510nvd
News mentions
0No linked articles in our index yet.