Qt Project Security Advisory
----------------------------

Title: Multiple Vulnerabilities in Qt Image Format Handling
Risk Rating: High
CVE: CVE-2015-1858, CVE-2015-1859, CVE-2015-1860
Platforms: All
Modules: QtBase
Versions: Qt 4.8.6 and earlier, Qt 5.4.1 and earlier
Author: Richard J. Moore <rich at kde.org>
Date: 12th April 2015

Overview
--------

Following two recent vulnerabilities in the built-in image format handling code, this area was tested further to determine whether other issues remained. Fuzzing with afl-fuzz located a number of issues in the handling of BMP, ICO and GIF files. The issues include denial of service and buffer overflows leading to heap corruption; the latter could potentially be used to achieve remote code execution.

Details
-------

It is possible to construct invalid BMP, ICO and GIF images that lead to buffer overflows. The CVEs have been assigned as follows:

CVE-2015-1858  BMP vulnerability
CVE-2015-1859  ICO vulnerability
CVE-2015-1860  GIF vulnerability

Impact
------

Denial of service and potentially remote code execution.

Workaround
----------

None.

Solution
--------

Upgrade to Qt 5.5 once released, or apply the patches below:

For Qt 5.0 to 5.4:
https://codereview.qt-project.org/#/c/108312/
https://codereview.qt-project.org/#/c/108248/

For Qt 4.8:
https://codereview.qt-project.org/#/c/108474/
https://codereview.qt-project.org/#/c/108475/

The fixes will also be included in Qt 4.8.7 and 5.4.2.

Credits
-------

These issues were discovered by Richard Moore and addressed by Eirik Aavitsland. While this advisory was being prepared, two of the issues were also identified by Fabian Vogt. Thanks to Red Hat for assigning the CVEs.
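As an added example, not part of the advisory or of Qt's own tooling, the following Python script turns the version ranges stated above (Qt 4.8.6 and earlier, Qt 5.4.1 and earlier affected; fixed in 4.8.7 and 5.4.2) into a check that can be run against an inventory of Qt versions, for instance the output of `qmake -query QT_VERSION` collected from each host. The inventory, host names and function names are constructed for illustration; the script treats Qt major versions other than 4 and 5 as outside the advisory's scope, which is an assumption.

```python
import re
from typing import Dict, List, Optional, Tuple

# Ranges taken from the advisory: Qt 4.8.6 and earlier and Qt 5.4.1 and
# earlier are affected; the fixes ship in Qt 4.8.7 and Qt 5.4.2 (and Qt 5.5).
LAST_AFFECTED = {4: (4, 8, 6), 5: (5, 4, 1)}
FIRST_FIXED = {4: "4.8.7", 5: "5.4.2"}
ADVISORY_CVES = ("CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860")

# Accepts "major.minor" or "major.minor.patch", with any trailing text
# (e.g. the newline that `qmake -query QT_VERSION` prints).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_qt_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a Qt version string into a (major, minor, patch) tuple.

    A missing patch component is treated as 0. Returns None when no
    version can be found in the text.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: Tuple[int, int, int]) -> Optional[bool]:
    """True if the version is inside the affected range for its major series,
    False if it is at or beyond the fixed release, None if the major series
    (anything other than Qt 4 or Qt 5) is not covered by the advisory
    (assumption: the advisory only names the 4.x and 5.x series)."""
    last = LAST_AFFECTED.get(version[0])
    if last is None:
        return None
    # Tuple comparison orders (major, minor, patch) lexicographically.
    return version <= last


def assess(version_text: str) -> str:
    """Return a one-line human-readable verdict for one version string."""
    v = parse_qt_version(version_text)
    if v is None:
        return "unknown: could not parse a Qt version"
    label = ".".join(map(str, v))
    status = is_affected(v)
    if status is None:
        return f"unknown: Qt {label} is outside the advisory's 4.x/5.x ranges"
    if status:
        return f"affected: Qt {label}, upgrade to {FIRST_FIXED[v[0]]} or later"
    return f"not affected: Qt {label} is at or beyond {FIRST_FIXED[v[0]]}"


# Constructed sample inventory (hypothetical host names and versions), e.g.
# collected by running `qmake -query QT_VERSION` on each host.
SAMPLE_INVENTORY: Dict[str, str] = {
    "build-host-a": "5.4.1\n",
    "build-host-b": "4.8.7\n",
    "ci-runner": "5.5.0\n",
    "legacy-box": "4.8.6\n",
    "broken-host": "n/a",
}


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map every host in the inventory to its verdict string."""
    return {host: assess(text) for host, text in inventory.items()}


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Sorted list of hosts whose Qt version falls in the affected range."""
    hits = []
    for host, text in inventory.items():
        v = parse_qt_version(text)
        if v is not None and is_affected(v):
            hits.append(host)
    return sorted(hits)


if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{host:14s} {verdict}")
    print("hosts needing the fix for", ", ".join(ADVISORY_CVES), ":",
          affected_hosts(SAMPLE_INVENTORY))
```

Hosts that decode images from untrusted sources (network content, attachments) are the ones to prioritise from the resulting list; a version at or beyond 4.8.7 or 5.4.2 is reported as not affected, and unparseable or out-of-scope versions are reported as unknown rather than silently passed.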
_______________________________________________ Announce mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/announce
