PT-2004-3708 · Qt · Qt

Published

1970-01-01

Updated

2017-10-11

CVE-2004-0691

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions qt versions prior to 3.3.3 qt versions prior to 3.3.2

Description The issue concerns multiple vulnerabilities in the qt package, which can lead to a violation of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code. The vulnerabilities are related to a heap-based buffer overflow in the BMP image format parser for the QT library.

Recommendations For qt versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. For qt versions prior to 3.3.2, update to version 3.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the BMP image format parser until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-03098

BDU:2015-03099

BDU:2015-03100

BDU:2015-03101

BDU:2015-09458

CVE-2004-0691

DSA-542-1

RHSA-2004:414

PT-2004-3708 · Qt · Qt

CVE-2004-0691

Related Identifiers

Affected Products

References · 20