CVE-2007-0242 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-0242 Interim 1 9 2025-11-05T06:23:16Z current 2021-05-30T12:37:44Z 2025-11-05T06:23:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-0242 The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZZVI4H7GYQ2UAAMMZBYAXO2BAF4JSWU2/#ZZVI4H7GYQ2UAAMMZBYAXO2BAF4JSWU2 E-Mail link for SUSE-SR:2007:006 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 qt3-3.3.8b-88.21 qt3-32bit-3.3.8b-88.21 qt3-devel-3.3.8b-88.21 qt3-devel-32bit-3.3.8b-88.21 qt3-devel-doc-3.3.8b-88.21 qt3-devel-tools-3.3.8b-88.21 qt3-devel-tools-32bit-3.3.8b-88.21 qt3-x86-3.3.8b-88.21 qt3-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP1 qt3-32bit-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP1 qt3-x86-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP1 qt3-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP2 qt3-32bit-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP2 qt3-x86-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP2 qt3-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP3 qt3-32bit-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP3 qt3-x86-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP3 qt3-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP4 qt3-32bit-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP4 qt3-x86-3.3.8b-88.21 as a component of SUSE Linux Enterprise Server 11 SP4 qt3-devel-3.3.8b-88.21 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 qt3-devel-32bit-3.3.8b-88.21 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 qt3-devel-doc-3.3.8b-88.21 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 qt3-devel-tools-3.3.8b-88.21 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 qt3-devel-tools-32bit-3.3.8b-88.21 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. CVE-2007-0242 SUSE Linux Enterprise Server 11 SP1:qt3-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP1:qt3-32bit-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP1:qt3-x86-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP2:qt3-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP2:qt3-32bit-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP2:qt3-x86-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP3:qt3-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP3:qt3-32bit-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP3:qt3-x86-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP4:qt3-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP4:qt3-32bit-3.3.8b-88.21 SUSE Linux Enterprise Server 11 SP4:qt3-x86-3.3.8b-88.21 SUSE Linux Enterprise Software Development Kit 11 SP4:qt3-devel-3.3.8b-88.21 SUSE Linux Enterprise Software Development Kit 11 SP4:qt3-devel-32bit-3.3.8b-88.21 SUSE Linux Enterprise Software Development Kit 11 SP4:qt3-devel-doc-3.3.8b-88.21 SUSE Linux Enterprise Software Development Kit 11 SP4:qt3-devel-tools-3.3.8b-88.21 SUSE Linux Enterprise Software Development Kit 11 SP4:qt3-devel-tools-32bit-3.3.8b-88.21 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N