{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2015-6114", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"name": "FEDORA-2015-6573", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"}, {"name": "FEDORA-2015-6123", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"name": "GLSA-201603-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-10"}, {"name": "FEDORA-2015-6315", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"name": "FEDORA-2015-6613", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"}, {"name": "74302", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74302"}, {"name": "FEDORA-2015-6364", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"name": "FEDORA-2015-6661", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"}, {"name": "USN-2626-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.qt-project.org/#/c/108248/"}, {"name": "FEDORA-2015-6252", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.328Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-6114", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"name": "FEDORA-2015-6573", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"}, {"name": "FEDORA-2015-6123", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"name": "GLSA-201603-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-10"}, {"name": "FEDORA-2015-6315", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"name": "FEDORA-2015-6613", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"}, {"name": "74302", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74302"}, {"name": "FEDORA-2015-6364", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"name": "FEDORA-2015-6661", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"}, {"name": "USN-2626-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codereview.qt-project.org/#/c/108248/"}, {"name": "FEDORA-2015-6252", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1860", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.328Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer en gui/image/qgifhandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen GIF manipulada."}], "id": "CVE-2015-1860", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-05-12T19:59:06.957", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74302"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://codereview.qt-project.org/#/c/108248/"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74302"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://codereview.qt-project.org/#/c/108248/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Richard Moore (KDE) for reporting this issue.", "bugzilla": {"description": "qt: segmentation fault in qgifhandler.cpp", "id": "1210675", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210675"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-122->CWE-125->CWE-787->CWE-805", "details": ["Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.", "A memory corruption flaw was found in the way Qt handled certain GIF image files. If a user loaded a specially crafted GIF image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application."], "name": "CVE-2015-1860", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "qt4", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1860\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1860"], "threat_severity": "Moderate"}