CVE-2015-1858

Priority
Low
Description
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module
in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a
denial of service (segmentation fault and crash) and possibly execute
arbitrary code via a crafted BMP image.
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (5.2.1+dfsg-1ubuntu14.3)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.04 (Zesty Zapus): ignored (reached end-of-life)
Ubuntu 17.10 (Artful Aardvark): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was released [4:4.8.1-0ubuntu4.9])
Ubuntu 14.04 LTS (Trusty Tahr): released (4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
Ubuntu 17.04 (Zesty Zapus): released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
Ubuntu 17.10 (Artful Aardvark): released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
Ubuntu 18.04 LTS (Bionic Beaver): released (4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7)
Patches:
Upstream: https://codereview.qt-project.org/#/c/108312/
Upstream: https://qt.gitorious.org/qt/qtbase/commit/51ec7ebfe5f45d1c0a03d992e97053cac66e25fe
Updated: 2018-01-15 13:17:40 UTC (commit 14005)