CVE-2015-1860

CVE	CVE-2015-1860
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-05-12 19:59:00 UTC
Updated	2021-06-16 12:44:00 UTC
Description	Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

Problem Types: CWE-119

Type	Vendor	Product	Version	Update	Edition	Language
Application	Digia	Qt	5.0.0	All	All	All
Application	Digia	Qt	5.0.1	All	All	All
Application	Digia	Qt	5.0.2	All	All	All
Application	Digia	Qt	5.1.0	All	All	All
Application	Digia	Qt	5.2.0	All	All	All
Application	Digia	Qt	5.2.1	All	All	All
Application	Digia	Qt	5.3.0	All	All	All
Application	Digia	Qt	5.4.1	All	All	All
Application	Digia	Qt	5.0.0	All	All	All
Application	Digia	Qt	5.0.1	All	All	All
Application	Digia	Qt	5.0.2	All	All	All
Application	Digia	Qt	5.1.0	All	All	All
Application	Digia	Qt	5.2.0	All	All	All
Application	Digia	Qt	5.2.1	All	All	All
Application	Digia	Qt	5.3.0	All	All	All
Application	Digia	Qt	5.4.1	All	All	All
Application	Digia	Qt	All	All	All	All
Operating System	Fedoraproject	Fedora	20	All	All	All
Operating System	Fedoraproject	Fedora	21	All	All	All
Operating System	Fedoraproject	Fedora	22	All	All	All
Operating System	Fedoraproject	Fedora	20	All	All	All
Operating System	Fedoraproject	Fedora	21	All	All	All
Operating System	Fedoraproject	Fedora	22	All	All	All
Application	Qt	Qt	5.0.0	All	All	All
Application	Qt	Qt	5.0.1	All	All	All
Application	Qt	Qt	5.0.2	All	All	All
Application	Qt	Qt	5.1.0	All	All	All
Application	Qt	Qt	5.2.0	All	All	All
Application	Qt	Qt	5.2.1	All	All	All
Application	Qt	Qt	5.3.0	All	All	All
Application	Qt	Qt	5.4.1	All	All	All

Reference	Source	Link	Tags
[SECURITY] Fedora 20 Update: qt3-3.3.8b-63.fc20	FEDORA	lists.fedoraproject.org	Third Party Advisory
Qt 'qgifhandler.cpp' Memory Corruption Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Gerrit Code Review	CONFIRM	codereview.qt-project.org	Patch
[SECURITY] Fedora 21 Update: qt3-3.3.8b-63.fc21	FEDORA	lists.fedoraproject.org	Third Party Advisory
[SECURITY] Fedora 22 Update: qt5-qtbase-5.4.1-9.fc22	FEDORA	lists.fedoraproject.org	Third Party Advisory
USN-2626-1: Qt vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
[SECURITY] Fedora 22 Update: qt3-3.3.8b-63.fc22	FEDORA	lists.fedoraproject.org	Third Party Advisory
[SECURITY] Fedora 21 Update: qt-4.8.6-28.fc21	FEDORA	lists.fedoraproject.org	Third Party Advisory
[Announce] Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling	MLIST	lists.qt-project.org	Patch, Vendor Advisory
[SECURITY] Fedora 20 Update: qt5-qtbase-5.4.1-9.fc20	FEDORA	lists.fedoraproject.org	Third Party Advisory
[SECURITY] Fedora 21 Update: qt5-qtbase-5.4.1-9.fc21	FEDORA	lists.fedoraproject.org	Third Party Advisory
QtGui: Multiple vulnerabilities (GLSA 201603-10) — Gentoo Security	GENTOO	security.gentoo.org
[SECURITY] Fedora 22 Update: qt-4.8.6-28.fc22	FEDORA	lists.fedoraproject.org	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.