CVE-2015-1860

Published: 12 May 2015

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

Priority

Status

Package	Release	Status
qt4-x11 Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Released (4:4.8.1-0ubuntu4.9)
	trusty	Released (4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1)
	upstream	Needs triage
	utopic	Released (4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1)
	vivid	Released (4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6.1)
	Patches: upstream: https://codereview.qt-project.org/#/c/108248/ upstream: https://qt.gitorious.org/qt/qtbase/commit/d3048a29797ee2d80d84bbda26bb3c954584f332
qtbase-opensource-src Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was released [5.2.1+dfsg-1ubuntu14.3])
	upstream	Needs triage
	utopic	Released (5.3.0+dfsg-2ubuntu9.1)
	vivid	Released (5.4.1+dfsg-2ubuntu4.1)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›