Bugzilla – Bug 875470
VUL-0: CVE-2014-0190: libqt4: NULL pointer dereference flaw in QGIFFormat::fillRect
Last modified: 2015-03-23 17:05:18 UTC
Via rh#1088142:

A NULL pointer dereference flaw was found in QGIFFormat::fillRect. If an application using the qt-x11 libraries opened a malicious GIF file, it could cause the application to crash.

Upstream bug: https://bugs.kde.org/show_bug.cgi?id=333404
Upstream notification and fix: http://lists.qt-project.org/pipermail/announce/2014-April/000045.html

CVE-2014-0190 was assigned to this issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1088142
http://seclists.org/oss-sec/2014/q2/181
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0190
http://lists.qt-project.org/pipermail/announce/2014-April/000045.html
Fixed for Factory.
bugbot adjusting priority
openSUSE-SU-2015:0573-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 875470,883374,902670,905742,921999
CVE References: CVE-2014-0190,CVE-2014-3494,CVE-2014-8483,CVE-2014-8600,CVE-2015-0295
Sources used:
openSUSE 13.1 (src): kdebase4-runtime-4.11.5-482.6, kdelibs4-4.11.5-488.2, kdelibs4-apidocs-4.11.5-488.3, konversation-1.5.1-3.4.3, kwebkitpart-1.3.3-2.4.1, libqt4-4.8.5-5.17.1, libqt4-devel-doc-4.8.5-5.17.2, libqt4-sql-plugins-4.8.5-5.17.1