CVE-2007-5965 (Medium - Network exploitable , Victim must voluntarily interact with attack mechanism) :
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which
might make it easier for remote attackers to trick a user into accepting an invalid server
certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a
user.
CVE-2007-3388 (Medium) :
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3)
qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7)
qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to
execute arbitrary code via format string specifiers in text used to compose an error message.
CVE-2007-4137 (High) :
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows
context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string
that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the
QUtf8Codec::convertToUnicode function, but it is not exploitable.