PT-2015-5475 · Qt Company+3 · Qt+3

Fabian Vogt

+1

·

Published

2014-06-27

·

Updated

2021-06-16

·

CVE-2015-1859

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Qt versions prior to 4.8.7 Qt 5.x versions prior to 5.4.2
Description The issue is related to multiple buffer overflows in the QtBase module, specifically in the qicohandler.cpp file, which handles ICO image formats. This can be exploited by remote attackers using a crafted ICO image, potentially leading to a denial of service (causing a segmentation fault and crash) and possibly allowing the execution of arbitrary code.
Recommendations For Qt versions prior to 4.8.7, update to version 4.8.7 or later. For Qt 5.x versions prior to 5.4.2, update to version 5.4.2 or later.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-1826
ALT-PU-2014-1827
ALT-PU-2014-1828
ALT-PU-2014-1829
ALT-PU-2014-1830
ALT-PU-2014-1831
ALT-PU-2014-1832
ALT-PU-2014-1833
ALT-PU-2014-1834
ALT-PU-2014-1835
ALT-PU-2014-1836
ALT-PU-2014-1837
ALT-PU-2014-1838
ALT-PU-2014-1839
ALT-PU-2014-1840
ALT-PU-2014-1841
ALT-PU-2014-1842
ALT-PU-2014-1843
ALT-PU-2014-1844
ALT-PU-2014-2468
ALT-PU-2015-1468
ALT-PU-2015-1496
ALT-PU-2015-1498
ALT-PU-2015-1499
ALT-PU-2015-1500
ALT-PU-2015-1504
ALT-PU-2015-1508
ALT-PU-2015-1509
ALT-PU-2015-1510
ALT-PU-2015-1511
ALT-PU-2015-1512
ALT-PU-2015-1513
ALT-PU-2015-1514
ALT-PU-2015-1515
ALT-PU-2015-1516
ALT-PU-2015-1517
ALT-PU-2015-1518
ALT-PU-2015-1519
ALT-PU-2015-1520
ALT-PU-2015-1521
ALT-PU-2015-1522
CVE-2015-1859
DLA-210-1
MGASA-2015-0198
OPENSUSE-SU-2024:10180-1
SUSE-SU-2015:0977-1
SUSE-SU-2015:1359-1
SUSE-SU-2015:1383-1
USN-2626-1

Affected Products

Alt Linux
Qt
Suse
Ubuntu