Vulnerability details: VCID-1jsb-37z3-aaan
Vulnerability ID VCID-1jsb-37z3-aaan
Aliases CVE-2007-0242
Summary The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:0883
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0909
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1324
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2007-0242
epss 0.00828 https://api.first.org/data/v1/epss?cve=CVE-2007-0242
epss 0.00922 https://api.first.org/data/v1/epss?cve=CVE-2007-0242
epss 0.00984 https://api.first.org/data/v1/epss?cve=CVE-2007-0242
epss 0.03156 https://api.first.org/data/v1/epss?cve=CVE-2007-0242
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=234633
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2007-0242
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
http://fedoranews.org/updates/FEDORA-2007-703.shtml
http://rhn.redhat.com/errata/RHSA-2011-1324.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0242.json
https://api.first.org/data/v1/epss?cve=CVE-2007-0242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
http://secunia.com/advisories/24699
http://secunia.com/advisories/24705
http://secunia.com/advisories/24726
http://secunia.com/advisories/24727
http://secunia.com/advisories/24759
http://secunia.com/advisories/24797
http://secunia.com/advisories/24847
http://secunia.com/advisories/24889
http://secunia.com/advisories/25263
http://secunia.com/advisories/26804
http://secunia.com/advisories/26857
http://secunia.com/advisories/27108
http://secunia.com/advisories/27275
http://secunia.com/advisories/46117
https://exchange.xforce.ibmcloud.com/vulnerabilities/33397
https://issues.rpath.com/browse/RPL-1202
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510
http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm
http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html
http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html
http://www.debian.org/security/2007/dsa-1292
http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html
http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0883.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://www.securityfocus.com/bid/23269
http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350
http://www.ubuntu.com/usn/usn-452-1
http://www.vupen.com/english/advisories/2007/1212
234633 https://bugzilla.redhat.com/show_bug.cgi?id=234633
cpe:2.3:a:qt:qt:3.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:qt:qt:3.3.8:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*
CVE-2007-0242 https://nvd.nist.gov/vuln/detail/CVE-2007-0242
RHSA-2007:0883 https://access.redhat.com/errata/RHSA-2007:0883
RHSA-2007:0909 https://access.redhat.com/errata/RHSA-2007:0909
RHSA-2011:1324 https://access.redhat.com/errata/RHSA-2011:1324
USN-452-1 https://usn.ubuntu.com/452-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-0242
Exploit Prediction Scoring System (EPSS)
Percentile 0.71996
EPSS Score 0.0081
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.