CVE-2015-1860

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html	Patch Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html	Third Party Advisory
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/74302	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2626-1
https://codereview.qt-project.org/#/c/108248/	Patch
https://security.gentoo.org/glsa/201603-10
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html	Patch Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html	Third Party Advisory
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/74302	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2626-1
https://codereview.qt-project.org/#/c/108248/	Patch
https://security.gentoo.org/glsa/201603-10

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:22:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:digia:qt::::::::
	cpe:2.3:a:qt:qt:5.0.0:::::::*
	cpe:2.3:a:qt:qt:5.0.1:::::::*
	cpe:2.3:a:qt:qt:5.0.2:::::::*
	cpe:2.3:a:qt:qt:5.1.0:::::::*
	cpe:2.3:a:qt:qt:5.2.0:::::::*
	cpe:2.3:a:qt:qt:5.2.1:::::::*
	cpe:2.3:a:qt:qt:5.3.0:::::::*
	cpe:2.3:a:qt:qt:5.4.1:::::::*

History

No history.

Information

Published : 2015-05-12 19:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-1860

Mitre link : CVE-2015-1860

CVE.ORG link : CVE-2015-1860

JSON object : View

Products Affected

digia

fedoraproject

fedora

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.8 /10