CVE-2007-0242

Publication date 3 April 2007

Last updated 17 July 2025

Ubuntu priority

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
kdelibs	7.04 feisty	Fixed 3.5.6-0ubuntu14.1
	6.10 edgy	Fixed 3.5.5-0ubuntu3.5
	6.06 LTS dapper	Fixed 3.5.2-0ubuntu18.5
qt-x11-free	7.04 feisty	Fixed 3.3.8really3.3.7-0ubuntu5.2
	6.10 edgy	Fixed 3.3.6-3ubuntu3.3
	6.06 LTS dapper	Fixed 3.3.6-1ubuntu6.4
qt4-x11	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-452-1
KDE library vulnerability
11 April 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-0242