CVE-2015-1858
Published 2015-05-12
CVE-2015-1858: Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of…
Priority P3 · 41 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS 7.22% · 93.5th percentile
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qtbase-opensource-src | < qtbase-opensource-src 5.3.2+dfsg-5 (bookworm) | qtbase-opensource-src 5.3.2+dfsg-5 (bookworm) |
| digia | qt | <= 4.8.6 | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
CVSS provenance
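| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |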
GHSA
GHSA-vvg4-mx6x-53j6: Multiple buffer overflows in gui/image/qbmphandler
ghsa_unreviewed·2022-05-13
CVE-2015-1858 [MEDIUM] CWE-119 GHSA-vvg4-mx6x-53j6: Multiple buffer overflows in gui/image/qbmphandler
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
OSV
qt4-x11, qtbase-opensource-src vulnerabilities
osv·2015-06-03·CVSS 4.3
CVE-2014-0190 [MEDIUM] qt4-x11, qtbase-opensource-src vulnerabilities
Wolfgang Schenk discovered that Qt incorrectly handled certain malformed
GIF images. If a user or automated system were tricked into opening a
specially crafted GIF image, a remote attacker could use this issue to
cause Qt to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)
Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP
images. If a user or automated system were tricked into opening a specially
crafted BMP image, a remote attacker could use this issue to cause Qt to
crash, resulting in a denial of service. (CVE-2015-0295)
Richard Moore and Fabian Vogt discovered that Qt incorrectly handled
certain malformed BMP images. If a user or automated
OSV
CVE-2015-1858: Multiple buffer overflows in gui/image/qbmphandler
osv·2015-05-12·CVSS 6.8
CVE-2015-1858 [MEDIUM] CVE-2015-1858: Multiple buffer overflows in gui/image/qbmphandler
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
Ubuntu
Qt vulnerabilities
vendor_ubuntu·2015-06-03·CVSS 4.3
CVE-2014-0190 [MEDIUM] Qt vulnerabilities
Title: Qt vulnerabilities
Summary: Qt could be made to crash or run programs as your login if it opened a
specially crafted file.
Wolfgang Schenk discovered that Qt incorrectly handled certain malformed
GIF images. If a user or automated system were tricked into opening a
specially crafted GIF image, a remote attacker could use this issue to
cause Qt to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)
Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP
images. If a user or automated system were tricked into opening a specially
crafted BMP image, a remote attacker could use this issue to cause Qt to
crash, resulting in a denial of service. (CVE-2015-0295)
Richard Moore and Fabian Vogt discover
Red Hat
qt: segmentation fault in qbmphandler.cpp
vendor_redhat·2015-03-11·CVSS 6.8
CVE-2015-1858 [MEDIUM] CWE-122 qt: segmentation fault in qbmphandler.cpp
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
A memory corruption flaw was found in the way Qt handled certain Bitmap (BMP) files. If a user loaded a specially crafted BMP image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Package: qt (Red Hat Enterprise Linux 5) - Not affected
Package: qt4 (Red Hat Enterprise Linux 5) - Will not fix
Package: qt (Red Hat Enterprise Linux 6) - Will not fix
Package: qt3
Debian
CVE-2015-1858: qtbase-opensource-src - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Q...
vendor_debian·2015·CVSS 6.8
CVE-2015-1858 [MEDIUM] CVE-2015-1858: qtbase-opensource-src - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Q...
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
Scope: local
bookworm: resolved (fixed in 5.3.2+dfsg-5)
bullseye: resolved (fixed in 5.3.2+dfsg-5)
forky: resolved (fixed in 5.3.2+dfsg-5)
sid: resolved (fixed in 5.3.2+dfsg-5)
trixie: resolved (fixed in 5.3.2+dfsg-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-1858 qt: segmentation fault in qbmphandler.cpp
bugzilla·2015-04-10·CVSS 6.8
CVE-2015-1858 [MEDIUM] CVE-2015-1858 qt: segmentation fault in qbmphandler.cpp
Fuzzing test revealed that for certain malformed bmp files, the handler would segfault.
Upstream fix: https://codereview.qt-project.org/#/c/108312/
Acknowledgements:
Red Hat would like to thank Richard Moore of KDE for reporting this issue.
Discussion:
Created qt tracking bugs for this issue:
Affects: fedora-all [bug 1210677]
---
References:
Upstream advisory:
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
---
qt5-qtbase-5.4.1-9.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
---
To the best of my knowledge, Qt 3 is NOT vulnerable to this issue, for the following reason:
The security fix from Qt 4 changes the relevant co
Bugzilla
CVE-2015-1860 CVE-2015-1859 CVE-2015-1858 qt: various flaws [fedora-all]
bugzilla·2015-04-10·CVSS 6.8
CVE-2015-1860 [MEDIUM] CVE-2015-1860 CVE-2015-1859 CVE-2015-1858 qt: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedor
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
http://www.securityfocus.com/bid/74309
http://www.ubuntu.com/usn/USN-2626-1
https://codereview.qt-project.org/#/c/108312/
https://security.gentoo.org/glsa/201603-10
Published: 2015-05-12