CVE-2015-1859

Publication date 12 May 2015

Last updated 24 July 2024

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qt4-x11	15.04 vivid	Fixed 4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6.1
	14.10 utopic	Fixed 4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1
	14.04 LTS trusty	Fixed 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1
	12.04 LTS precise	Fixed 4:4.8.1-0ubuntu4.9
	10.04 LTS lucid	Ignored end of life
qtbase-opensource-src	15.04 vivid	Fixed 5.4.1+dfsg-2ubuntu4.1
	14.10 utopic	Fixed 5.3.0+dfsg-2ubuntu9.1
	14.04 LTS trusty	Fixed 5.2.1+dfsg-1ubuntu14.3
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qt4-x11	Upstream: https://codereview.qt-project.org/#/c/108312/ Upstream: 51ec7eb

References

Related Ubuntu Security Notices (USN)

USN-2626-1
Qt vulnerabilities
3 June 2015

CVE-2015-1859

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references