PublicDateAtUSN: 2014-05-08
Candidate: CVE-2014-0190
PublicDate: 2014-05-08 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0190
 http://www.openwall.com/lists/oss-security/2014/04/28
 http://lists.qt-project.org/pipermail/announce/2014-April/000045.html
 https://ubuntu.com/security/notices/USN-2626-1
Description:
 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause
 a denial of service (NULL pointer dereference) via invalid width and height
 values in a GIF image.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.kde.org/show_bug.cgi?id=333404
Priority: low
Discovered-by: Wolfgang Schenk
Assigned-to: mdeslaur
CVSS:

Patches_qt4-x11:
 upstream: https://qt.gitorious.org/qt/qtbase/commit/eb1325047f2697d24e93ebaf924900affc876bc1
upstream_qt4-x11: released (4:4.8.6+dfsg-1)
lucid_qt4-x11: ignored (reached end-of-life)
precise_qt4-x11: released (4:4.8.1-0ubuntu4.9)
quantal_qt4-x11: ignored (reached end-of-life)
saucy_qt4-x11: ignored (reached end-of-life)
trusty_qt4-x11: released (4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1)
trusty/esm_qt4-x11: released (4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1)
utopic_qt4-x11: not-affected (4:4.8.6+git49-gbc62005+dfsg-1ubuntu1)
vivid_qt4-x11: not-affected (4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6)
devel_qt4-x11: not-affected (4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6)

Patches_qtbase-opensource-src:
 upstream: http://code.qt.io/cgit/qt/qtbase.git/commit/?id=c5eec579e2fcf3c00cc02ebc0a2fbc347cd595d5
upstream_qtbase-opensource-src: released (5.3)
lucid_qtbase-opensource-src: DNE
precise_qtbase-opensource-src: DNE
quantal_qtbase-opensource-src: DNE
saucy_qtbase-opensource-src: ignored (reached end-of-life)
trusty_qtbase-opensource-src: released (5.2.1+dfsg-1ubuntu14.3)
trusty/esm_qtbase-opensource-src: DNE (trusty was released [5.2.1+dfsg-1ubuntu14.3])
utopic_qtbase-opensource-src: not-affected (5.3.0+dfsg-2ubuntu9)
vivid_qtbase-opensource-src: not-affected (5.4.1+dfsg-2ubuntu3)
vivid/stable-phone-overlay_qtbase-opensource-src: released (5.4.1+dfsg-2ubuntu11~vivid1)
vivid/ubuntu-core_qtbase-opensource-src: DNE
devel_qtbase-opensource-src: not-affected (5.4.1+dfsg-2ubuntu3)