Bugzilla – Bug 927807
VUL-0: CVE-2015-1859: libqt5-qtbase,libqt4,qt,qt3: segmentation fault in ICO Qt Image Format Handling
Last modified: 2019-11-05 15:40:28 UTC
rh#1210674

Qt Project Security Advisory
----------------------------

Title: Multiple Vulnerabilities in Qt Image Format Handling
Risk Rating: High
CVE: CVE-2015-1858, CVE-2015-1859, CVE-2015-1860
Platforms: All
Modules: QtBase
Versions: Qt 4.8.6 and earlier, Qt 5.4.1 and earlier
Author: Richard J. Moore <rich at kde.org>
Date: 12th April 2015

Overview
--------

Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution.

CVE-2015-1859 ICO vulnerability

Impact
------

Denial of service and potentially remote code execution.

Workaround
----------

None

Solution
--------

Upgrade to Qt 5.5 once released or apply the patches below:

For Qt 5.0 to 5.4:
https://codereview.qt-project.org/#/c/108312/
https://codereview.qt-project.org/#/c/108248/

For Qt 4.8:
https://codereview.qt-project.org/#/c/108474/
https://codereview.qt-project.org/#/c/108475/

The fixes will also be included in Qt 4.8.7 and 5.4.2.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1210674
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1859
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1859.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-05-04. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61570
bugbot adjusting priority
This is really a duplicate of 927808.
This is an autogenerated message for OBS integration: This bug (927807) was mentioned in https://build.opensuse.org/request/show/305786 Factory / libqt4
SLE12 libqt5-qtbase is affected:
libqt5-qtbase/qtbase-opensource-src-5.3.1.tar.xz.contents/qtbase-opensource-src-5.3.1/src/gui/image/qgifhandler.cpp
libqt5-qtbase/qtbase-opensource-src-5.3.1.tar.xz.contents/qtbase-opensource-src-5.3.1/src/plugins/imageformats/ico/qicohandler.cpp
Please proceed to also fix this package SLE 12 in addition to libqt4. Thanks!
bug 921999, bug 927806, bug 927807, bug 927808 affect libqt5-qtbase on SLE 12. Assigning to maintainer for submission.
SUSE-SU-2015:0977-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 921999,927806,927807,927808
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-devel-doc-data-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Server 11 SP3 for VMware (src): libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Server 11 SP3 (src): libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Desktop 11 SP3 (src): libqt4-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE-SU-2015:1359-1: An update that solves four vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 847880,921999,927806,927807,927808,929688
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src): libqt4-4.8.6-4.2, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Software Development Kit 12 (src): libqt4-4.8.6-4.2, libqt4-devel-doc-4.8.6-4.6, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Server 12 (src): libqt4-4.8.6-4.2, libqt4-devel-doc-4.8.6-4.6, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Desktop 12 (src): libqt4-4.8.6-4.2, libqt4-sql-plugins-4.8.6-4.1
SUSE-SU-2015:1383-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 870151,921999,927806,927807,927808
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): libqt5-qtbase-5.3.1-4.4.2
SUSE Linux Enterprise Server 12 (src): libqt5-qtbase-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12 (src): libqt5-qtbase-5.3.1-4.4.2
was fixed apparently