Vulnerabilites related to digia - qt
CVE-2010-1766 (GCVE-0-2010-1766)
Vulnerability from cvelistv5
Published
2010-07-22 01:00
Modified
2024-08-07 01:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "FEDORA-2010-11020",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2010-1801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1801"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
},
{
"name": "40557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40557"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "FEDORA-2010-11011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.webkit.org/changeset/56380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-03T09:00:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "FEDORA-2010-11020",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2010-1801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1801"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
},
{
"name": "40557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40557"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "FEDORA-2010-11011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.webkit.org/changeset/56380"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "FEDORA-2010-11020",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2010-1801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1801"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=596494",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=36339",
"refsource": "CONFIRM",
"url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
},
{
"name": "40557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40557"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "FEDORA-2010-11011",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://trac.webkit.org/changeset/56380",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/56380"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1766",
"datePublished": "2010-07-22T01:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0295 (GCVE-0-2015-0295)
Vulnerability from cvelistv5
Published
2015-03-25 14:00
Modified
2024-08-06 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73029"
},
{
"name": "[Announce] 20150227 Qt Security Advisory: DoS vulnerability in the BMP image handler",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"
},
{
"name": "FEDORA-2015-2866",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html"
},
{
"name": "FEDORA-2015-2901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html"
},
{
"name": "openSUSE-SU-2015:0573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"name": "FEDORA-2015-2886",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html"
},
{
"name": "FEDORA-2015-2895",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html"
},
{
"name": "USN-2626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "FEDORA-2015-2897",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html"
},
{
"name": "FEDORA-2015-2869",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "73029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73029"
},
{
"name": "[Announce] 20150227 Qt Security Advisory: DoS vulnerability in the BMP image handler",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"
},
{
"name": "FEDORA-2015-2866",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html"
},
{
"name": "FEDORA-2015-2901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html"
},
{
"name": "openSUSE-SU-2015:0573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"name": "FEDORA-2015-2886",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html"
},
{
"name": "FEDORA-2015-2895",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html"
},
{
"name": "USN-2626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "FEDORA-2015-2897",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html"
},
{
"name": "FEDORA-2015-2869",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0295",
"datePublished": "2015-03-25T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1860 (GCVE-0-2015-1860)
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-6114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name": "FEDORA-2015-6573",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"
},
{
"name": "FEDORA-2015-6123",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name": "GLSA-201603-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"name": "FEDORA-2015-6315",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"name": "FEDORA-2015-6613",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"
},
{
"name": "74302",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74302"
},
{
"name": "FEDORA-2015-6364",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name": "FEDORA-2015-6661",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"
},
{
"name": "USN-2626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.qt-project.org/#/c/108248/"
},
{
"name": "FEDORA-2015-6252",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-6114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name": "FEDORA-2015-6573",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"
},
{
"name": "FEDORA-2015-6123",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name": "GLSA-201603-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"name": "FEDORA-2015-6315",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"name": "FEDORA-2015-6613",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"
},
{
"name": "74302",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74302"
},
{
"name": "FEDORA-2015-6364",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name": "FEDORA-2015-6661",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"
},
{
"name": "USN-2626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.qt-project.org/#/c/108248/"
},
{
"name": "FEDORA-2015-6252",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1860",
"datePublished": "2015-05-12T19:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4549 (GCVE-0-2013-4549)
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
},
{
"name": "56166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56166"
},
{
"name": "openSUSE-SU-2014:0173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
},
{
"name": "56008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56008"
},
{
"name": "openSUSE-SU-2014:0125",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.qt-project.org/#change%2C71010"
},
{
"name": "openSUSE-SU-2014:0176",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
},
{
"name": "openSUSE-SU-2014:0067",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
},
{
"name": "USN-2057-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2057-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.qt-project.org/#change%2C71368"
},
{
"name": "openSUSE-SU-2014:0070",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
},
{
"name": "FEDORA-2014-5695",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-08T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
},
{
"name": "56166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56166"
},
{
"name": "openSUSE-SU-2014:0173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
},
{
"name": "56008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56008"
},
{
"name": "openSUSE-SU-2014:0125",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.qt-project.org/#change%2C71010"
},
{
"name": "openSUSE-SU-2014:0176",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
},
{
"name": "openSUSE-SU-2014:0067",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
},
{
"name": "USN-2057-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2057-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.qt-project.org/#change%2C71368"
},
{
"name": "openSUSE-SU-2014:0070",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
},
{
"name": "FEDORA-2014-5695",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4549",
"datePublished": "2013-12-23T22:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2621 (GCVE-0-2010-2621)
Vulnerability from cvelistv5
Published
2010-07-02 20:00
Modified
2024-08-07 02:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46410"
},
{
"name": "ADV-2010-1657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/qtsslame.zip"
},
{
"name": "41250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41250"
},
{
"name": "65860",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65860"
},
{
"name": "40389",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
},
{
"name": "SUSE-SU-2011:1113",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/12056605"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/adv/qtsslame-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-19T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46410"
},
{
"name": "ADV-2010-1657",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/qtsslame.zip"
},
{
"name": "41250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41250"
},
{
"name": "65860",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65860"
},
{
"name": "40389",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
},
{
"name": "SUSE-SU-2011:1113",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/12056605"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/adv/qtsslame-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46410"
},
{
"name": "ADV-2010-1657",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1657"
},
{
"name": "http://aluigi.org/poc/qtsslame.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/qtsslame.zip"
},
{
"name": "41250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41250"
},
{
"name": "65860",
"refsource": "OSVDB",
"url": "http://osvdb.org/65860"
},
{
"name": "40389",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40389"
},
{
"name": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
"refsource": "CONFIRM",
"url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
},
{
"name": "SUSE-SU-2011:1113",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/12056605"
},
{
"name": "http://aluigi.org/adv/qtsslame-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/qtsslame-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2621",
"datePublished": "2010-07-02T20:00:00",
"dateReserved": "2010-07-02T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1858 (GCVE-0-2015-1858)
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-6114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name": "FEDORA-2015-6123",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name": "GLSA-201603-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"name": "FEDORA-2015-6315",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.qt-project.org/#/c/108312/"
},
{
"name": "FEDORA-2015-6364",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name": "USN-2626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"name": "74309",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74309"
},
{
"name": "FEDORA-2015-6252",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-6114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name": "FEDORA-2015-6123",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name": "GLSA-201603-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"name": "FEDORA-2015-6315",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.qt-project.org/#/c/108312/"
},
{
"name": "FEDORA-2015-6364",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name": "USN-2626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"name": "74309",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74309"
},
{
"name": "FEDORA-2015-6252",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1858",
"datePublished": "2015-05-12T19:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1859 (GCVE-0-2015-1859)
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-6114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name": "74307",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74307"
},
{
"name": "FEDORA-2015-6123",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name": "74310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74310"
},
{
"name": "GLSA-201603-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"name": "FEDORA-2015-6315",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"name": "FEDORA-2015-6364",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name": "USN-2626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"name": "FEDORA-2015-6252",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-6114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name": "74307",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74307"
},
{
"name": "FEDORA-2015-6123",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name": "74310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74310"
},
{
"name": "GLSA-201603-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"name": "FEDORA-2015-6315",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"name": "FEDORA-2015-6364",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name": "USN-2626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"name": "FEDORA-2015-6252",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1859",
"datePublished": "2015-05-12T19:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5624 (GCVE-0-2012-5624)
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-09-16 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2013:0157",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
},
{
"name": "USN-1723-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1723-1"
},
{
"name": "52217",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
},
{
"name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.qt-project.org/#change%2C40034"
},
{
"name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
},
{
"name": "openSUSE-SU-2013:0154",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
},
{
"name": "openSUSE-SU-2013:0143",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-24T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2013:0157",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
},
{
"name": "USN-1723-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1723-1"
},
{
"name": "52217",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
},
{
"name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.qt-project.org/#change%2C40034"
},
{
"name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
},
{
"name": "openSUSE-SU-2013:0154",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
},
{
"name": "openSUSE-SU-2013:0143",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0157",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
},
{
"name": "USN-1723-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1723-1"
},
{
"name": "52217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52217"
},
{
"name": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
"refsource": "CONFIRM",
"url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
},
{
"name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
},
{
"name": "https://codereview.qt-project.org/#change,40034",
"refsource": "CONFIRM",
"url": "https://codereview.qt-project.org/#change,40034"
},
{
"name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
"refsource": "MLIST",
"url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
},
{
"name": "openSUSE-SU-2013:0154",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
},
{
"name": "openSUSE-SU-2013:0143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5624",
"datePublished": "2013-02-24T19:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-16T18:45:23.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5076 (GCVE-0-2010-5076)
Vulnerability from cvelistv5
Published
2012-06-29 19:00
Modified
2024-08-07 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1504-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1504-1"
},
{
"name": "49895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49895"
},
{
"name": "RHSA-2012:0880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html"
},
{
"name": "41236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0"
},
{
"name": "49604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugreports.qt-project.org/browse/QTBUG-4455"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject\u0027s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-16T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1504-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1504-1"
},
{
"name": "49895",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49895"
},
{
"name": "RHSA-2012:0880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html"
},
{
"name": "41236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0"
},
{
"name": "49604",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugreports.qt-project.org/browse/QTBUG-4455"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5076",
"datePublished": "2012-06-29T19:00:00",
"dateReserved": "2011-12-19T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/74307 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/bid/74310 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-2626-1 | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/201603-10 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74307 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74310 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2626-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201603-10 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5",
"versionEndIncluding": "4.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en plugins/imageformats/ico/qicohandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen ICO manipulada."
}
],
"id": "CVE-2015-1859",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-12T19:59:05.957",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74307"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/74310"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201603-10"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-22 05:42
Modified
2025-04-11 00:51
Severity ?
Summary
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html | ||
| product-security@apple.com | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html | ||
| product-security@apple.com | http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | ||
| product-security@apple.com | http://secunia.com/advisories/40557 | Vendor Advisory | |
| product-security@apple.com | http://secunia.com/advisories/41856 | Vendor Advisory | |
| product-security@apple.com | http://secunia.com/advisories/43068 | Vendor Advisory | |
| product-security@apple.com | http://trac.webkit.org/changeset/56380 | ||
| product-security@apple.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 | ||
| product-security@apple.com | http://www.ubuntu.com/usn/USN-1006-1 | ||
| product-security@apple.com | http://www.vupen.com/english/advisories/2010/1801 | Vendor Advisory | |
| product-security@apple.com | http://www.vupen.com/english/advisories/2010/2722 | ||
| product-security@apple.com | http://www.vupen.com/english/advisories/2011/0212 | ||
| product-security@apple.com | http://www.vupen.com/english/advisories/2011/0552 | ||
| product-security@apple.com | https://bugs.webkit.org/show_bug.cgi?id=36339 | ||
| product-security@apple.com | https://bugzilla.redhat.com/show_bug.cgi?id=596494 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40557 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41856 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43068 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://trac.webkit.org/changeset/56380 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1006-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1801 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/2722 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0212 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/0552 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.webkit.org/show_bug.cgi?id=36339 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=596494 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75F543EF-AFA9-42EA-B60B-33711005EAB0",
"versionEndIncluding": "4.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webkit:webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF922448-569B-440D-9695-3D063848023D",
"versionEndIncluding": "r56379",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid."
},
{
"lang": "es",
"value": "Error de superaci\u00f3n de l\u00edmite en la funci\u00f3n WebSocketHandshake::readServerHandshake en websockets/WebSocketHandshake.cpp en WebCore en WebKit anterior a r56380, utilizado en Qt y otros productos, permite a los servidores de websockets remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria), o posiblemente tener otro impacto no especificado a trav\u00e9s de una cabecera de actualizaci\u00f3n que es larga e inv\u00e1lida."
}
],
"id": "CVE-2010-1766",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-22T05:42:55.877",
"references": [
{
"source": "product-security@apple.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
},
{
"source": "product-security@apple.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
},
{
"source": "product-security@apple.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40557"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"url": "http://trac.webkit.org/changeset/56380"
},
{
"source": "product-security@apple.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "product-security@apple.com",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1801"
},
{
"source": "product-security@apple.com",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "product-security@apple.com",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "product-security@apple.com",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "product-security@apple.com",
"url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
},
{
"source": "product-security@apple.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://trac.webkit.org/changeset/56380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.webkit.org/show_bug.cgi?id=36339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596494"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html | ||
| secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2013-December/000036.html | ||
| secalert@redhat.com | http://secunia.com/advisories/56008 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/56166 | Vendor Advisory | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-2057-1 | ||
| secalert@redhat.com | https://codereview.qt-project.org/#change%2C71010 | ||
| secalert@redhat.com | https://codereview.qt-project.org/#change%2C71368 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2013-December/000036.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56008 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56166 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2057-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#change%2C71010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#change%2C71368 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73CA5980-1396-4C98-8745-90A8F9767B58",
"versionEndIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."
},
{
"lang": "es",
"value": "QXmlSimpleReader en Qt anterior a v5.2 permite a los atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante un ataque XML Entity Expansion (XEE)."
}
],
"id": "CVE-2013-4549",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T22:55:02.880",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56008"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56166"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2057-1"
},
{
"source": "secalert@redhat.com",
"url": "https://codereview.qt-project.org/#change%2C71010"
},
{
"source": "secalert@redhat.com",
"url": "https://codereview.qt-project.org/#change%2C71368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2057-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://codereview.qt-project.org/#change%2C71010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://codereview.qt-project.org/#change%2C71368"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-25 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html | ||
| secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2015-February/000059.html | Vendor Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/73029 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-2626-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2015-February/000059.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73029 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2626-1 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 20 | |
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| opensuse | opensuse | 13.1 | |
| digia | qt | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14CA13D1-7D0B-47BF-B853-14C5271C2000",
"versionEndIncluding": "5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file."
},
{
"lang": "es",
"value": "El decodificador BMP en QtGui en QT anterior a 5.5 no calcula correctamente las mascaras utilizadas para extraer los componentes de color, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (dividir por cero y ca\u00edda) a trav\u00e9s de un fichero BMP manipulado."
}
],
"id": "CVE-2015-0295",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-25T14:59:01.720",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/73029"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-02 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://aluigi.org/adv/qtsslame-adv.txt | ||
| cve@mitre.org | http://aluigi.org/poc/qtsslame.zip | Exploit | |
| cve@mitre.org | http://osvdb.org/65860 | ||
| cve@mitre.org | http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 | ||
| cve@mitre.org | http://secunia.com/advisories/40389 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/46410 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/41250 | Exploit | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/1657 | Vendor Advisory | |
| cve@mitre.org | https://hermes.opensuse.org/messages/12056605 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://aluigi.org/adv/qtsslame-adv.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://aluigi.org/poc/qtsslame.zip | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/65860 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40389 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46410 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41250 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1657 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/12056605 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digia | qt | * | |
| qt | qt | 4.0.0 | |
| qt | qt | 4.0.1 | |
| qt | qt | 4.1.0 | |
| qt | qt | 4.1.1 | |
| qt | qt | 4.1.2 | |
| qt | qt | 4.1.3 | |
| qt | qt | 4.1.4 | |
| qt | qt | 4.1.5 | |
| qt | qt | 4.2.0 | |
| qt | qt | 4.2.1 | |
| qt | qt | 4.2.3 | |
| qt | qt | 4.3.0 | |
| qt | qt | 4.3.1 | |
| qt | qt | 4.3.2 | |
| qt | qt | 4.3.3 | |
| qt | qt | 4.3.4 | |
| qt | qt | 4.3.5 | |
| qt | qt | 4.4.0 | |
| qt | qt | 4.4.1 | |
| qt | qt | 4.4.2 | |
| qt | qt | 4.4.3 | |
| qt | qt | 4.5.0 | |
| qt | qt | 4.5.1 | |
| qt | qt | 4.5.2 | |
| qt | qt | 4.5.3 | |
| qt | qt | 4.6.0 | |
| qt | qt | 4.6.0 | |
| qt | qt | 4.6.1 | |
| qt | qt | 4.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9AE2922-1C8A-453D-BC5F-5F158DEB8607",
"versionEndIncluding": "4.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
},
{
"lang": "es",
"value": "La funci\u00f3n QSslSocketBackendPrivate::transmit en src_network_ssl_qsslsocket_openssl.cpp en Qt v4.6.3 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de una solicitud mal formada."
}
],
"id": "CVE-2010-2621",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-02T20:30:01.707",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.org/adv/qtsslame-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.org/poc/qtsslame.zip"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/65860"
},
{
"source": "cve@mitre.org",
"url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40389"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46410"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41250"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1657"
},
{
"source": "cve@mitre.org",
"url": "https://hermes.opensuse.org/messages/12056605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.org/adv/qtsslame-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.org/poc/qtsslame.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/65860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/41250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/12056605"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/74302 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-2626-1 | ||
| secalert@redhat.com | https://codereview.qt-project.org/#/c/108248/ | Patch | |
| secalert@redhat.com | https://security.gentoo.org/glsa/201603-10 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74302 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2626-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/108248/ | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201603-10 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5",
"versionEndIncluding": "4.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en gui/image/qgifhandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen GIF manipulada."
}
],
"id": "CVE-2015-1860",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-12T19:59:06.957",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74302"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://codereview.qt-project.org/#/c/108248/"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://codereview.qt-project.org/#/c/108248/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201603-10"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html | ||
| secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2012-November/000014.html | ||
| secalert@redhat.com | http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 | ||
| secalert@redhat.com | http://secunia.com/advisories/52217 | Vendor Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/12/04/8 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1723-1 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=883415 | ||
| secalert@redhat.com | https://codereview.qt-project.org/#change%2C40034 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2012-November/000014.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52217 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/12/04/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1723-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=883415 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#change%2C40034 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digia | qt | * | |
| qt | qt | 1.41 | |
| qt | qt | 1.42 | |
| qt | qt | 1.43 | |
| qt | qt | 1.44 | |
| qt | qt | 1.45 | |
| qt | qt | 2.0.0 | |
| qt | qt | 2.0.1 | |
| qt | qt | 2.0.2 | |
| qt | qt | 3.3.0 | |
| qt | qt | 3.3.1 | |
| qt | qt | 3.3.2 | |
| qt | qt | 3.3.3 | |
| qt | qt | 3.3.4 | |
| qt | qt | 3.3.5 | |
| qt | qt | 3.3.6 | |
| qt | qt | 4.0.0 | |
| qt | qt | 4.0.1 | |
| qt | qt | 4.1.0 | |
| qt | qt | 4.1.1 | |
| qt | qt | 4.1.2 | |
| qt | qt | 4.1.3 | |
| qt | qt | 4.1.4 | |
| qt | qt | 4.1.5 | |
| qt | qt | 4.2.0 | |
| qt | qt | 4.2.1 | |
| qt | qt | 4.2.3 | |
| qt | qt | 4.3.0 | |
| qt | qt | 4.3.1 | |
| qt | qt | 4.3.2 | |
| qt | qt | 4.3.3 | |
| qt | qt | 4.3.4 | |
| qt | qt | 4.3.5 | |
| qt | qt | 4.4.0 | |
| qt | qt | 4.4.1 | |
| qt | qt | 4.4.2 | |
| qt | qt | 4.4.3 | |
| qt | qt | 4.5.0 | |
| qt | qt | 4.5.1 | |
| qt | qt | 4.5.2 | |
| qt | qt | 4.5.3 | |
| qt | qt | 4.6.0 | |
| qt | qt | 4.6.0 | |
| qt | qt | 4.6.1 | |
| qt | qt | 4.6.2 | |
| qt | qt | 4.6.3 | |
| qt | qt | 4.6.4 | |
| qt | qt | 4.6.5 | |
| qt | qt | 4.6.5 | |
| qt | qt | 4.7.0 | |
| qt | qt | 4.7.1 | |
| qt | qt | 4.7.2 | |
| qt | qt | 4.7.3 | |
| qt | qt | 4.7.4 | |
| qt | qt | 4.7.5 | |
| qt | qt | 4.7.6 | |
| qt | qt | 4.7.6 | |
| qt | qt | 4.8.0 | |
| qt | qt | 4.8.1 | |
| qt | qt | 4.8.2 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F547829-91BE-4BF6-A19E-E592BC15FD8A",
"versionEndIncluding": "4.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "57FBB4FA-43C6-432F-94FD-BAADF4DD7CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*",
"matchCriteriaId": "30245B99-C5CB-4FDA-B70F-2CB7FA7BDF43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9FC7F3-02BD-485A-AA1B-C5067F384683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA3424C-8257-445D-A9DC-1CD562651DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D954A35A-9BB8-4415-910D-C4AAEA2F5664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67C5548D-2A34-4AAE-A43F-373D4C7F5B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90E4F51F-52B4-4AB9-926C-EEDAC2052E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6D3319-130D-49BF-8395-90E9F4D8583C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52D26BBF-106F-48C8-9D57-CF080486DB64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52BF63BD-E6FA-49AA-9627-7EDAD7939531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27EBEAE0-C1DF-46E4-9E2A-B333912A4950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5BCDBB15-4E26-48F0-A266-CA059CFEE596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A07F27DC-47A4-4EF2-91CC-81863D015B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58E53D3A-665D-4EEE-82EF-4EDBD194B475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "510C5795-4E61-470F-BE62-A6732F4F0341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.5:rc:*:*:*:*:*:*",
"matchCriteriaId": "88365332-FA7E-42A6-BC52-4517EAAC90B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8A505785-5597-4F5D-99A3-D143C1CCBFBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*",
"matchCriteriaId": "6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
},
{
"lang": "es",
"value": "El objeto XMLHttpRequest en Qt anterior a v4.8.4 permite la redirecci\u00f3n http al fichero scheme, lo que permite llevar a atacantes de hombre-en-medio (man-in-the-middle) forzar la lectura de ficheros locales arbitrarios y posiblemente obtener informaci\u00f3n sensible mediante un fichero: URL para una aplicaci\u00f3n QML."
}
],
"evaluatorComment": "Per http://www.ubuntu.com/usn/USN-1723-1/\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\r\n Ubuntu 10.04 LTS\r\n",
"id": "CVE-2012-5624",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-24T19:55:00.830",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
},
{
"source": "secalert@redhat.com",
"url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52217"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1723-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
},
{
"source": "secalert@redhat.com",
"url": "https://codereview.qt-project.org/#change%2C40034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1723-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://codereview.qt-project.org/#change%2C40034"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/74309 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-2626-1 | ||
| secalert@redhat.com | https://codereview.qt-project.org/#/c/108312/ | Patch | |
| secalert@redhat.com | https://security.gentoo.org/glsa/201603-10 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74309 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2626-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/108312/ | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201603-10 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5",
"versionEndIncluding": "4.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos del buffer en gui/image/qbmphandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen BMP manipulada."
}
],
"id": "CVE-2015-1858",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-12T19:59:04.880",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74309"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://codereview.qt-project.org/#/c/108312/"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://codereview.qt-project.org/#/c/108312/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201603-10"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-29 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 | Exploit, Patch | |
| secalert@redhat.com | http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e | Patch | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-0880.html | ||
| secalert@redhat.com | http://secunia.com/advisories/41236 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/49604 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/49895 | Vendor Advisory | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1504-1 | ||
| secalert@redhat.com | http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt | ||
| secalert@redhat.com | https://bugreports.qt-project.org/browse/QTBUG-4455 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-0880.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41236 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49604 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49895 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1504-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt-project.org/browse/QTBUG-4455 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digia | qt | * | |
| qt | qt | 4.0.0 | |
| qt | qt | 4.0.1 | |
| qt | qt | 4.1.0 | |
| qt | qt | 4.1.1 | |
| qt | qt | 4.1.2 | |
| qt | qt | 4.1.3 | |
| qt | qt | 4.1.4 | |
| qt | qt | 4.1.5 | |
| qt | qt | 4.2.0 | |
| qt | qt | 4.2.1 | |
| qt | qt | 4.2.3 | |
| qt | qt | 4.3.0 | |
| qt | qt | 4.3.1 | |
| qt | qt | 4.3.2 | |
| qt | qt | 4.3.3 | |
| qt | qt | 4.3.4 | |
| qt | qt | 4.3.5 | |
| qt | qt | 4.4.0 | |
| qt | qt | 4.4.1 | |
| qt | qt | 4.4.2 | |
| qt | qt | 4.4.3 | |
| qt | qt | 4.5.0 | |
| qt | qt | 4.5.1 | |
| qt | qt | 4.5.2 | |
| qt | qt | 4.5.3 | |
| qt | qt | 4.6.0 | |
| qt | qt | 4.6.0 | |
| qt | qt | 4.6.1 | |
| qt | qt | 4.6.2 | |
| qt | qt | 4.6.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5547662-C2D8-48C6-B1A5-7F929772EAA9",
"versionEndIncluding": "4.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject\u0027s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
},
{
"lang": "es",
"value": "QSslSocket de Qt anteriores a 4.7.0-rc1 reconoce direcciones IP comod\u00edn en el campo \"Common Name\" del \"subject\" de un certificado X.509, lo que permite a atacantes \"man-in-the-middle\" suplantar servidores SSL arbitrarios a trav\u00e9s de un certificado modificado suministrado por una autoridad de certificaci\u00f3n leg\u00edtima."
}
],
"id": "CVE-2010-5076",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-29T19:55:01.563",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49604"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49895"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1504-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt"
},
{
"source": "secalert@redhat.com",
"url": "https://bugreports.qt-project.org/browse/QTBUG-4455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1504-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugreports.qt-project.org/browse/QTBUG-4455"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}