Severity: 6.8 MEDIUM (NVD); 4.3 (OSV)
EPSS: 6.4% (top 8.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 12; Latest update May 13

Description

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

debian: debian/qtbase-opensource-src < qtbase-opensource-src 5.3.2+dfsg-5 (bookworm)
NVD: digia/qt 4.8.6
NVD: qt/qt, 8 versions +7

Also affects: Fedora 20, 21, 22

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-hj9g-7v26-7xjx: Multiple buffer overflows in gui/image/qgifhandler (2022-05-13)
OSV: qt4-x11, qtbase-opensource-src vulnerabilities (2015-06-03)
OSV: CVE-2015-1860: Multiple buffer overflows in gui/image/qgifhandler (2015-05-12)

📋 Vendor Advisories (3)

Ubuntu: Qt vulnerabilities (2015-06-03)
Red Hat: qt: segmentation fault in qgifhandler.cpp (2015-03-11)
Debian: CVE-2015-1860: qtbase-opensource-src - Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Q... (2015)

💬 Community (2)

Bugzilla: CVE-2015-1860 CVE-2015-1859 CVE-2015-1858 qt: various flaws [fedora-all] (2015-04-10)
Bugzilla: CVE-2015-1860 qt: segmentation fault in qgifhandler.cpp (2015-04-10)
CVE-2015-1860 — Qtbase-opensource-src vulnerability | cvebase