CVE-2015-1860

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html	Patch Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html	Third Party Advisory
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/74302	VDB Entry Third Party Advisory
http://www.ubuntu.com/usn/USN-2626-1
https://codereview.qt-project.org/#/c/108248/	Patch
https://security.gentoo.org/glsa/201603-10

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:22:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:digia:qt::::::::
	cpe:2.3:a:qt:qt:5.0.0:::::::*
	cpe:2.3:a:qt:qt:5.0.1:::::::*
	cpe:2.3:a:qt:qt:5.0.2:::::::*
	cpe:2.3:a:qt:qt:5.1.0:::::::*
	cpe:2.3:a:qt:qt:5.2.0:::::::*
	cpe:2.3:a:qt:qt:5.2.1:::::::*
	cpe:2.3:a:qt:qt:5.3.0:::::::*
	cpe:2.3:a:qt:qt:5.4.1:::::::*

History

16 Jun 2021, 12:44

Type	Values Removed	Values Added
References	~~(BID) http://www.securityfocus.com/bid/74302 - Third Party Advisory, VDB Entry~~	(BID) http://www.securityfocus.com/bid/74302 - VDB Entry, Third Party Advisory
CPE	cpe:2.3:a:digia:qt:5.3.0:::::::* cpe:2.3:a:digia:qt:5.2.0:::::::* cpe:2.3:a:digia:qt:5.4.1:::::::* cpe:2.3:a:digia:qt:5.0.0:::::::* cpe:2.3:a:digia:qt:5.2.1:::::::* cpe:2.3:a:digia:qt:5.0.2:::::::* cpe:2.3:a:digia:qt:5.0.1:::::::* cpe:2.3:a:digia:qt:5.1.0:::::::*	cpe:2.3:a:qt:qt:5.4.1:::::::* cpe:2.3:a:qt:qt:5.1.0:::::::* cpe:2.3:a:qt:qt:5.2.1:::::::* cpe:2.3:a:qt:qt:5.0.1:::::::* cpe:2.3:a:qt:qt:5.2.0:::::::* cpe:2.3:a:qt:qt:5.0.2:::::::* cpe:2.3:a:qt:qt:5.3.0:::::::* cpe:2.3:a:qt:qt:5.0.0:::::::*

Information

Published : 2015-05-12 19:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-1860

Mitre link : CVE-2015-1860

CVE.ORG link : CVE-2015-1860

JSON object : View

Products Affected

digia

fedoraproject

fedora

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.8 /10