CVE-2015-1858

Published: 12 May 2015

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.

Priority

Status

Package	Release	Status
qt4-x11 Launchpad, Ubuntu, Debian	artful	Released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
	bionic	Released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
	cosmic	Released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
	lucid	Ignored (end of life)
	precise	Released (4:4.8.1-0ubuntu4.9)
	trusty	Released (4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1)
	upstream	Needs triage
	utopic	Released (4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1)
	vivid	Released (4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6.1)
	wily	Released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
	xenial	Released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
	yakkety	Released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
	zesty	Released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
	Patches: upstream: https://codereview.qt-project.org/#/c/108312/ upstream: https://qt.gitorious.org/qt/qtbase/commit/51ec7ebfe5f45d1c0a03d992e97053cac66e25fe
qtbase-opensource-src Launchpad, Ubuntu, Debian	artful	Ignored (end of life)
	bionic	Not vulnerable
	cosmic	Not vulnerable
	lucid	Does not exist
	precise	Does not exist
	trusty	Released (5.2.1+dfsg-1ubuntu14.3)
	upstream	Needs triage
	utopic	Released (5.3.0+dfsg-2ubuntu9.1)
	vivid	Released (5.4.1+dfsg-2ubuntu4.1)
	wily	Ignored (end of life)
	xenial	Not vulnerable (5.5.1+dfsg-16ubuntu7)
	yakkety	Ignored (end of life)
	zesty	Ignored (end of life)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2015-1858

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading