Qt: Buffer overflow in the included zlib library Qt is vulnerable to a buffer overflow which could potentially lead to the execution of arbitrary code. qt 2005-09-26 2005-09-26 105695 local 3.3.4-r8 3.3.4-r8

Qt is a cross-platform GUI toolkit used by KDE.

Qt links to a bundled vulnerable version of zlib when emerged with the zlib USE-flag disabled. This may lead to a buffer overflow.

By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use Qt, resulting in a Denial of Service or potentially arbitrary code execution.

Emerge Qt with the zlib USE-flag enabled.

All Qt users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.4-r8" GLSA 200507-05 GLSA 200507-19 CAN-2005-1849 CAN-2005-2096 jaervosz koon