CVE-2015-0295
published 2015-03-25CVE-2015-0295: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a…
PriorityP426medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
6.36%
92.8th percentile
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qtbase-opensource-src | < qtbase-opensource-src 5.3.2+dfsg-5 (bookworm) | qtbase-opensource-src 5.3.2+dfsg-5 (bookworm) |
| digia | qt | <= 5.4.1 | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8p7m-hxqm-w38g: The BMP decoder in QtGui in QT before 5
ghsa_unreviewed·2022-05-14
CVE-2015-0295 [MEDIUM] GHSA-8p7m-hxqm-w38g: The BMP decoder in QtGui in QT before 5
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
OSV
qt4-x11, qtbase-opensource-src vulnerabilities
osv·2015-06-03·CVSS 4.3
CVE-2014-0190 [MEDIUM] qt4-x11, qtbase-opensource-src vulnerabilities
qt4-x11, qtbase-opensource-src vulnerabilities
Wolfgang Schenk discovered that Qt incorrectly handled certain malformed
GIF images. If a user or automated system were tricked into opening a
specially crafted GIF image, a remote attacker could use this issue to
cause Qt to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)
Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP
images. If a user or automated system were tricked into opening a specially
crafted BMP image, a remote attacker could use this issue to cause Qt to
crash, resulting in a denial of service. (CVE-2015-0295)
Richard Moore and Fabian Vogt discovered that Qt incorrectly handled
certain malformed BMP images. If a user or automated
OSV
CVE-2015-0295: The BMP decoder in QtGui in QT before 5
osv·2015-03-25·CVSS 5.0
CVE-2015-0295 [MEDIUM] CVE-2015-0295: The BMP decoder in QtGui in QT before 5
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
Ubuntu
Qt vulnerabilities
vendor_ubuntu·2015-06-03·CVSS 4.3
CVE-2014-0190 [MEDIUM] Qt vulnerabilities
Title: Qt vulnerabilities
Summary: Qt could be made to crash or run programs as your login if it opened a
specially crafted file.
Wolfgang Schenk discovered that Qt incorrectly handled certain malformed
GIF images. If a user or automated system were tricked into opening a
specially crafted GIF image, a remote attacker could use this issue to
cause Qt to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)
Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP
images. If a user or automated system were tricked into opening a specially
crafted BMP image, a remote attacker could use this issue to cause Qt to
crash, resulting in a denial of service. (CVE-2015-0295)
Richard Moore and Fabian Vogt discover
Red Hat
QT: BMP image handler crash
vendor_redhat·2015-02-27·CVSS 5.0
CVE-2015-0295 [MEDIUM] CWE-369 QT: BMP image handler crash
QT: BMP image handler crash
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
Statement: This issue affects the versions of Qt as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: qt (Red Hat Enterprise Linux 4) - Will not fix
Package: qt (Red Hat Enterprise Linux 5) - Will not fix
Package: qt4 (Red Hat Enterprise Linux 5) - Will not fix
Package: qt (Red H
Debian
CVE-2015-0295: qtbase-opensource-src - The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks ...
vendor_debian·2015·CVSS 5.0
CVE-2015-0295 [MEDIUM] CVE-2015-0295: qtbase-opensource-src - The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks ...
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
Scope: local
bookworm: resolved (fixed in 5.3.2+dfsg-5)
bullseye: resolved (fixed in 5.3.2+dfsg-5)
forky: resolved (fixed in 5.3.2+dfsg-5)
sid: resolved (fixed in 5.3.2+dfsg-5)
trixie: resolved (fixed in 5.3.2+dfsg-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-0295 QT: BMP image handler crash
bugzilla·2015-02-28·CVSS 5.0
CVE-2015-0295 [MEDIUM] CVE-2015-0295 QT: BMP image handler crash
CVE-2015-0295 QT: BMP image handler crash
The QT Project reports:
The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would
lead to a division by zero when loading certain corrupt BMP files. This in
turn would cause the application loading these hand crafted BMPs to crash.
External reference:
http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
Discussion:
Created qt tracking bugs for this issue:
Affects: fedora-all [bug 1197274]
---
Created qt3 tracking bugs for this issue:
Affects: fedora-all [bug 1197275]
---
Statement:
This issue affects the versions of Qt as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For addition
Bugzilla
CVE-2015-0295 QT: BMP image handler crash [fedora-all]
bugzilla·2015-02-28·CVSS 5.0
CVE-2015-0295 [MEDIUM] CVE-2015-0295 QT: BMP image handler crash [fedora-all]
CVE-2015-0295 QT: BMP image handler crash [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one
Bugzilla
CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]
bugzilla·2015-02-28·CVSS 5.0
CVE-2015-0295 [MEDIUM] CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]
CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.htmlhttp://lists.opensuse.org/opensuse-updates/2015-03/msg00068.htmlhttp://lists.qt-project.org/pipermail/announce/2015-February/000059.htmlhttp://www.securityfocus.com/bid/73029http://www.ubuntu.com/usn/USN-2626-1http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.htmlhttp://lists.opensuse.org/opensuse-updates/2015-03/msg00068.htmlhttp://lists.qt-project.org/pipermail/announce/2015-February/000059.htmlhttp://www.securityfocus.com/bid/73029http://www.ubuntu.com/usn/USN-2626-1
2015-03-25
Published