Severity
NVD: 6.8 (MEDIUM)
OSV: 4.3
EPSS: 2.6% (top 14.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 12
Latest update: May 13

Description

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

Debian: debian/qtbase-opensource-src < qtbase-opensource-src 5.3.2+dfsg-5 (bookworm)
NVD: digia/qt 4.8.6
NVD: qt/qt, 8 versions

Also affects: Fedora 20, 21, 22

Patches

Vulnerability Details (3)

GHSA: GHSA-vvg4-mx6x-53j6: Multiple buffer overflows in gui/image/qbmphandler (2022-05-13)
OSV: qt4-x11, qtbase-opensource-src vulnerabilities (2015-06-03)
OSV: CVE-2015-1858: Multiple buffer overflows in gui/image/qbmphandler (2015-05-12)

Vendor Advisories (3)

Ubuntu: Qt vulnerabilities (2015-06-03)
Red Hat: qt: segmentation fault in qbmphandler.cpp (2015-03-11)
Debian: CVE-2015-1858: qtbase-opensource-src - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Q... (2015)

Community (2)

Bugzilla: CVE-2015-1858 qt: segmentation fault in qbmphandler.cpp (2015-04-10)
Bugzilla: CVE-2015-1860 CVE-2015-1859 CVE-2015-1858 qt: various flaws [fedora-all] (2015-04-10)
CVE-2015-1858 — Qtbase-opensource-src vulnerability | cvebase