CVE-2015-1859
Published: 2015-05-12
CVE-2015-1859: Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to…
Priority: P3 · 41 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 7.19% (93.5th percentile)
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qtbase-opensource-src | < qtbase-opensource-src 5.3.2+dfsg-5 (bookworm) | qtbase-opensource-src 5.3.2+dfsg-5 (bookworm) |
| digia | qt | <= 4.8.6 | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
CVSS provenance
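| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |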
GHSA
GHSA-wj8c-4f82-jfpp: Multiple buffer overflows in plugins/imageformats/ico/qicohandler
ghsa_unreviewed·2022-05-13
CVE-2015-1859 [MEDIUM] CWE-119 GHSA-wj8c-4f82-jfpp: Multiple buffer overflows in plugins/imageformats/ico/qicohandler
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
OSV
qt4-x11, qtbase-opensource-src vulnerabilities
osv·2015-06-03·CVSS 4.3
CVE-2014-0190 [MEDIUM] qt4-x11, qtbase-opensource-src vulnerabilities
Wolfgang Schenk discovered that Qt incorrectly handled certain malformed
GIF images. If a user or automated system were tricked into opening a
specially crafted GIF image, a remote attacker could use this issue to
cause Qt to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)
Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP
images. If a user or automated system were tricked into opening a specially
crafted BMP image, a remote attacker could use this issue to cause Qt to
crash, resulting in a denial of service. (CVE-2015-0295)
Richard Moore and Fabian Vogt discovered that Qt incorrectly handled
certain malformed BMP images. If a user or automated
OSV
CVE-2015-1859: Multiple buffer overflows in plugins/imageformats/ico/qicohandler
osv·2015-05-12·CVSS 6.8
CVE-2015-1859 [MEDIUM] CVE-2015-1859: Multiple buffer overflows in plugins/imageformats/ico/qicohandler
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
Ubuntu
Qt vulnerabilities
vendor_ubuntu·2015-06-03·CVSS 4.3
CVE-2014-0190 [MEDIUM] Qt vulnerabilities
Title: Qt vulnerabilities
Summary: Qt could be made to crash or run programs as your login if it opened a
specially crafted file.
Wolfgang Schenk discovered that Qt incorrectly handled certain malformed
GIF images. If a user or automated system were tricked into opening a
specially crafted GIF image, a remote attacker could use this issue to
cause Qt to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)
Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP
images. If a user or automated system were tricked into opening a specially
crafted BMP image, a remote attacker could use this issue to cause Qt to
crash, resulting in a denial of service. (CVE-2015-0295)
Richard Moore and Fabian Vogt discover
Red Hat
qt: segmentation fault in qicohandler.cpp
vendor_redhat·2015-03-11·CVSS 6.8
CVE-2015-1859 [MEDIUM] CWE-122 qt: segmentation fault in qicohandler.cpp
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
A memory corruption flaw was found in the way Qt handled certain Icon (ICO) files. If a user loaded a specially crafted ICO image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Package: qt (Red Hat Enterprise Linux 5) - Not affected
Package: qt4 (Red Hat Enterprise Linux 5) - Will not fix
Package: qt (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2015-1859: qtbase-opensource-src - Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtB...
vendor_debian·2015·CVSS 6.8
CVE-2015-1859 [MEDIUM] CVE-2015-1859: qtbase-opensource-src - Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtB...
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
Scope: local
bookworm: resolved (fixed in 5.3.2+dfsg-5)
bullseye: resolved (fixed in 5.3.2+dfsg-5)
forky: resolved (fixed in 5.3.2+dfsg-5)
sid: resolved (fixed in 5.3.2+dfsg-5)
trixie: resolved (fixed in 5.3.2+dfsg-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-1860 CVE-2015-1859 CVE-2015-1858 qt: various flaws [fedora-all]
bugzilla·2015-04-10·CVSS 6.8
CVE-2015-1860 [MEDIUM] CVE-2015-1860 CVE-2015-1859 CVE-2015-1858 qt: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedor
Bugzilla
CVE-2015-1859 qt: segmentation fault in qicohandler.cpp
bugzilla·2015-04-10·CVSS 6.8
CVE-2015-1859 [MEDIUM] CVE-2015-1859 qt: segmentation fault in qicohandler.cpp
Fuzzing test revealed that for certain malformed ico files, the handler would segfault.
Upstream fix: https://codereview.qt-project.org/#/c/108312/
Acknowledgements:
Red Hat would like to thank Richard Moore of KDE for reporting this issue.
Discussion:
Created qt tracking bugs for this issue:
Affects: fedora-all [bug 1210677]
---
References:
Upstream advisory:
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
---
qt5-qtbase-5.4.1-9.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
---
To the best of my knowledge, Qt 3 is NOT vulnerable to this issue, because it does not include an ICO reader. (ICO reading in Qt 3 was provided
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
http://www.securityfocus.com/bid/74307
http://www.securityfocus.com/bid/74310
http://www.ubuntu.com/usn/USN-2626-1
https://security.gentoo.org/glsa/201603-10
Published: 2015-05-12