CVE-2004-0691 - Unspecified vulnerability in Trolltech QT

CVSS 7.5 - HIGH

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, trolltech, nessus, exploit available

Summary

Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

Vulnerable Configurations

Part         Description   Count
Application  Trolltech     1

Exploit-Db

description: Qt BMP Parsing Bug Heap Overflow Exploit. CVE-2004-0691. Remote exploit for linux platform
id: EDB-ID:408
last seen: 2016-01-31
modified: 2004-08-21
published: 2004-08-21
reporter: infamous41md
source: https://www.exploit-db.com/download/408/
title: Qt BMP Parsing Bug Heap Overflow Exploit

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-414.NASL
    description: Updated qt packages that fix security issues in several of the image decoders are now available. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14326
    published: 2004-08-22
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14326
    title: RHEL 2.1 / 3 : qt (RHSA-2004:414)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:414. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14326);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0691", "CVE-2004-0692", "CVE-2004-0693");
      script_xref(name:"RHSA", value:"2004:414");
    
      script_name(english:"RHEL 2.1 / 3 : qt (RHSA-2004:414)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated qt packages that fix security issues in several of the image
    decoders are now available.
    
    Qt is a software toolkit that simplifies the task of writing and
    maintaining GUI (Graphical User Interface) applications for the X
    Window System.
    
    During a security audit, Chris Evans discovered a heap overflow in the
    BMP image decoder in Qt versions prior to 3.3.3. An attacker could
    create a carefully crafted BMP file in such a way that it would cause
    an application linked with Qt to crash or possibly execute arbitrary
    code when the file was opened by a victim. The Common Vulnerabilities
    and Exposures project (cve.mitre.org) has assigned the name
    CVE-2004-0691 to this issue.
    
    Additionally, various flaws were discovered in the GIF, XPM, and JPEG
    decoders in Qt versions prior to 3.3.3. An attacker could create
    carefully crafted image files in such a way that it could cause an
    application linked against Qt to crash when the file was opened by a
    victim. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693
    to these issues.
    
    Users of Qt should update to these updated packages which contain
    backported patches and are not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0691"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0692"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0693"
      );
      # http://www.trolltech.com/developer/changes/changes-3.3.3.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9aaee330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:414"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-MySQL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-Xt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-config");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-designer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:414";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-2.3.1-10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-Xt-2.3.1-10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-designer-2.3.1-10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-devel-2.3.1-10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-static-2.3.1-10")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"qt-3.1.2-13.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"qt-MySQL-3.1.2-13.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"qt-config-3.1.2-13.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"qt-designer-3.1.2-13.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"qt-devel-3.1.2-13.4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt / qt-MySQL / qt-Xt / qt-config / qt-designer / qt-devel / etc");
      }
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-542.NASL
    description: Several vulnerabilities were discovered in recent versions of Qt, a commonly used graphic widget set, used in KDE for example. The first problem allows an attacker to execute arbitrary code, while the other two only seem to pose a denial of service danger. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-0691 : Chris Evans has discovered a heap-based overflow when handling 8-bit RLE encoded BMP files. - CAN-2004-0692 : Marcus Meissner has discovered a crash condition in the XPM handling code, which is not yet fixed in Qt 3.3. - CAN-2004-0693 : Marcus Meissner has discovered a crash condition in the GIF handling code, which is not yet fixed in Qt 3.3.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15379
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15379
    title: Debian DSA-542-1 : qt - unsanitised input
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-542. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15379);
      script_version("1.23");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2004-0691", "CVE-2004-0692", "CVE-2004-0693");
      script_xref(name:"DSA", value:"542");
    
      script_name(english:"Debian DSA-542-1 : qt - unsanitised input");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in recent versions of Qt, a
    commonly used graphic widget set, used in KDE for example. The first
    problem allows an attacker to execute arbitrary code, while the other
    two only seem to pose a denial of service danger. The Common
    Vulnerabilities and Exposures project identifies the following
    vulnerabilities :
    
      - CAN-2004-0691 :
        Chris Evans has discovered a heap-based overflow when
        handling 8-bit RLE encoded BMP files.
    
      - CAN-2004-0692 :
    
        Marcus Meissner has discovered a crash condition in the
        XPM handling code, which is not yet fixed in Qt 3.3.
    
      - CAN-2004-0693 :
    
        Marcus Meissner has discovered a crash condition in the
        GIF handling code, which is not yet fixed in Qt 3.3."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-542"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the qt packages.
    
    For the stable distribution (woody) these problems have been fixed in
    version 3.0.3-20020329-1woody2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qt-copy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"libqt3", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"libqt3-dev", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"libqt3-mt", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"libqt3-mt-dev", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"libqt3-mt-mysql", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"libqt3-mt-odbc", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"libqt3-mysql", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"libqt3-odbc", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"libqxt0", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"qt3-doc", reference:"3.0.3-20020329-1woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"qt3-tools", reference:"3.0.3-20020329-1woody2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2004_027.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static). The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE. There is a heap overflow in the BMP image format parser. An attacker, exploiting this flaw, would need to be able to coerce a local user or program to process a specially crafted image file. Upon successful exploitation, the attacker would be able to execute arbitrary code. In addition, there are 2 distinct flaws within the XPM parser which, when exploited, lead to a Denial of Service (DoS).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14322
    published: 2004-08-20
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14322
    title: SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:027
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(14322);
     script_bugtraq_id(10977);
     script_version ("1.14");
     script_cve_id("CVE-2004-0691", "CVE-2004-0692", "CVE-2004-0693");
     
     name["english"] = "SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2004:027 
    (qt3/qt3-non-mt/qt3-32bit/qt3-static).
    
    
    The QT-library is an environment for GUI-programming and is used in
    various well-known projects, like KDE.
    
    There is a heap overflow in the BMP image format parser.  An
    attacker, exploiting this flaw, would need to be able to coerce
    a local user or program to process a specially crafted image
    file.  Upon successful exploitation, the attacker would be able
    to execute arbitrary code.
    
    In addition, there are 2 distinct flaws within the XPM parser
    which, when exploited, lead to a Denial of Service (DoS)." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2004_27_qt3.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/20");
     script_cvs_date("Date: 2019/10/25 13:36:27");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the qt3 packages";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"qt3-3.0.5-167", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-non-mt-3.0.5-231", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-static-3.0.5-159", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-3.1.1-118", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-non-mt-3.1.1-125", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-static-3.1.1-124", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-3.2.1-68", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-non-mt-3.2.1-70", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-static-3.2.1-70", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-3.3.1-36.16", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-non-mt-3.3.1-41.14", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"qt3-static-3.3.1-41.14", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if (rpm_exists(rpm:"qt3-", release:"SUSE8.1")
     || rpm_exists(rpm:"qt3-", release:"SUSE8.2")
     || rpm_exists(rpm:"qt3-", release:"SUSE9.0")
     || rpm_exists(rpm:"qt3-", release:"SUSE9.1") )
    {
     set_kb_item(name:"CVE-2004-0691", value:TRUE);
     set_kb_item(name:"CVE-2004-0692", value:TRUE);
     set_kb_item(name:"CVE-2004-0693", value:TRUE);
    }
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2004-236-01.NASL
    description: New Qt packages are available for Slackware 9.0, 9.1, 10.0, and -current to fix security issues. Bugs in the routines that handle PNG, BMP, GIF, and JPEG images may allow an attacker to cause unauthorized code to execute when a specially crafted image file is processed. These flaws may also cause crashes that lead to a denial of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18767
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18767
    title: Slackware 10.0 / 9.0 / 9.1 / current : Qt (SSA:2004-236-01)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-288.NASL
    description: During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue. During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CVE-2004-0788) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14743
    published: 2004-09-15
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14743
    title: Fedora Core 1 : gtk2-2.2.4-10 (2004-288)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-287.NASL
    description: During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gdk-pixbuf. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue. During a security audit, Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file is opened by a victim. (CVE-2004-0788) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14742
    published: 2004-09-15
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14742
    title: Fedora Core 2 : gdk-pixbuf-0.22.0-11.2.3 (2004-287)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-271.NASL
    description: During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14349
    published: 2004-08-23
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14349
    title: Fedora Core 2 : qt-3.3.3-0.1 (2004-271)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-286.NASL
    description: During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gdk-pixbuf. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue. During a security audit, Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file is opened by a victim. (CVE-2004-0788) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14741
    published: 2004-09-15
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14741
    title: Fedora Core 1 : gdk-pixbuf-0.22.0-11.2.2 (2004-286)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-447.NASL
    description: Updated gdk-pixbuf packages that fix several security flaws are now available. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. [Updated 15th September 2004] Packages have been updated to correct a bug which caused the xpm loader to fail. During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gdk-pixbuf. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue. During a security audit, Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file is opened by a victim. (CVE-2004-0788) These packages have also been updated to correct a bug which caused the xpm loader to fail. Users of gdk-pixbuf are advised to upgrade to these packages, which contain backported patches and are not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14738
    published: 2004-09-15
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14738
    title: RHEL 2.1 / 3 : gdk-pixbuf (RHSA-2004:447)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-289.NASL
    description: During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue. During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CVE-2004-0788) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14744
    published: 2004-09-15
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14744
    title: Fedora Core 2 : gtk2-2.4.7-2.4 (2004-289)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-085.NASL
    description: Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty. These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others. The updated packages have been patched to correct these problems.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14334
    published: 2004-08-22
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14334
    title: Mandrake Linux Security Advisory : qt3 (MDKSA-2004:085)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_QT_333.NASL
    description: Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP image that could cause a Qt-using application to execute arbitrary code when it is loaded.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14340
    published: 2004-08-23
    reporter: This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14340
    title: FreeBSD : qt -- image loader vulnerabilities (ebffe27a-f48c-11d8-9837-000c41e2cdad)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-466.NASL
    description: Updated gtk2 packages that fix several security flaws and bugs are now available. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. During testing of a previously fixed flaw in Qt (CVE-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0753 to this issue. During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CVE-2004-0782, CVE-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CVE-2004-0788) This updated gtk2 package also fixes a few key combination bugs on various X servers, such as Hummingbird, ReflectionX, and X-Win32. If a server was configured to use the Swiss German, Swiss French, or France French keyboard layouts, Mode_Switched characters were unable to be entered within GTK based applications. Users of gtk2 are advised to upgrade to these packages which contain backported patches and are not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14734
    published: 2004-09-15
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14734
    title: RHEL 3 : gtk2 (RHSA-2004:466)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-270.NASL
    description: During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14348
    published: 2004-08-23
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14348
    title: Fedora Core 1 : qt-3.1.2-14.2 (2004-270)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200408-20.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200408-20 (Qt: Image loader overflows) There are several unspecified bugs in the QImage class which may cause crashes or allow execution of arbitrary code as the user running the Qt application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image types. Impact : An attacker may exploit these bugs by causing a user to open a carefully-constructed image file in any one of these formats. This may be accomplished through e-mail attachments (if the user uses KMail), or by simply placing a malformed image on a website and then convincing the user to load the site in a Qt-based browser (such as Konqueror). Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Qt.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14576
    published: 2004-08-30
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14576
    title: GLSA-200408-20 : Qt: Image loader overflows

Oval

accepted: 2013-04-29T04:19:42.398-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
family: unix
id: oval:org.mitre.oval:def:9485
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
version: 27

Redhat

advisories
rhsa
id: RHSA-2004:414
rpms
  • qt-1:3.1.2-13.4
  • qt-MySQL-1:3.1.2-13.4
  • qt-ODBC-1:3.1.2-13.4
  • qt-config-1:3.1.2-13.4
  • qt-debuginfo-1:3.1.2-13.4
  • qt-designer-1:3.1.2-13.4
  • qt-devel-1:3.1.2-13.4