CVE-2004-0692 - Unspecified vulnerability in Trolltech QT
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

trolltech
nessus
Summary
The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-414.NASL
- description: Updated qt packages that fix security issues in several of the image decoders are now available. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14326
- published: 2004-08-22
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/14326
- title: RHEL 2.1 / 3 : qt (RHSA-2004:414)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2004:414. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14326);
  script_version ("1.29");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2004-0691", "CVE-2004-0692", "CVE-2004-0693");
  script_xref(name:"RHSA", value:"2004:414");

  script_name(english:"RHEL 2.1 / 3 : qt (RHSA-2004:414)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated qt packages that fix security issues in several of the image decoders are now available. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0691"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0692"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0693"
  );
  # http://www.trolltech.com/developer/changes/changes-3.3.3.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9aaee330"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:414"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-MySQL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-Xt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-designer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2004:414";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-2.3.1-10")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-Xt-2.3.1-10")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-designer-2.3.1-10")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-devel-2.3.1-10")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-static-2.3.1-10")) flag++;

  if (rpm_check(release:"RHEL3", reference:"qt-3.1.2-13.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"qt-MySQL-3.1.2-13.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"qt-config-3.1.2-13.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"qt-designer-3.1.2-13.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"qt-devel-3.1.2-13.4")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt / qt-MySQL / qt-Xt / qt-config / qt-designer / qt-devel / etc");
  }
}
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-542.NASL
- description: Several vulnerabilities were discovered in recent versions of Qt, a commonly used graphic widget set, used in KDE for example. The first problem allows an attacker to execute arbitrary code, while the other two only seem to pose a denial of service danger. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :
  - CAN-2004-0691 : Chris Evans has discovered a heap-based overflow when handling 8-bit RLE encoded BMP files.
  - CAN-2004-0692 : Marcus Meissner has discovered a crash condition in the XPM handling code, which is not yet fixed in Qt 3.3.
  - CAN-2004-0693 : Marcus Meissner has discovered a crash condition in the GIF handling code, which is not yet fixed in Qt 3.3.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15379
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15379
- title: Debian DSA-542-1 : qt - unsanitised input
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-542. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15379);
  script_version("1.23");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2004-0691", "CVE-2004-0692", "CVE-2004-0693");
  script_xref(name:"DSA", value:"542");

  script_name(english:"Debian DSA-542-1 : qt - unsanitised input");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities were discovered in recent versions of Qt, a commonly used graphic widget set, used in KDE for example. The first problem allows an attacker to execute arbitrary code, while the other two only seem to pose a denial of service danger. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-0691 : Chris Evans has discovered a heap-based overflow when handling 8-bit RLE encoded BMP files. - CAN-2004-0692 : Marcus Meissner has discovered a crash condition in the XPM handling code, which is not yet fixed in Qt 3.3. - CAN-2004-0693 : Marcus Meissner has discovered a crash condition in the GIF handling code, which is not yet fixed in Qt 3.3."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267092"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2004/dsa-542"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the qt packages. For the stable distribution (woody) these problems have been fixed in version 3.0.3-20020329-1woody2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qt-copy");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.0", prefix:"libqt3", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libqt3-dev", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libqt3-mt", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libqt3-mt-dev", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libqt3-mt-mysql", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libqt3-mt-odbc", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libqt3-mysql", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libqt3-odbc", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libqxt0", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"qt3-doc", reference:"3.0.3-20020329-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"qt3-tools", reference:"3.0.3-20020329-1woody2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2004_027.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static). The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE. There is a heap overflow in the BMP image format parser. An attacker, exploiting this flaw, would need to be able to coerce a local user or program to process a specially crafted image file. Upon successful exploitation, the attacker would be able to execute arbitrary code. In addition, there are 2 distinct flaws within the XPM parser which, when exploited, lead to a Denial of Service (DoS).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14322
- published: 2004-08-20
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14322
- title: SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:027
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(14322);
 script_bugtraq_id(10977);
 script_version ("1.14");
 script_cve_id("CVE-2004-0691", "CVE-2004-0692", "CVE-2004-0693");

 name["english"] = "SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static";

 script_name(english:name["english"]);

 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static). The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE. There is a heap overflow in the BMP image format parser. An attacker, exploiting this flaw, would need to be able to coerce a local user or program to process a specially crafted image file. Upon successful exploitation, the attacker would be able to execute arbitrary code. In addition, there are 2 distinct flaws within the XPM parser which, when exploited, lead to a Denial of Service (DoS)." );
 script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/2004_27_qt3.html" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/20");
 script_cvs_date("Date: 2019/10/25 13:36:27");
 script_end_attributes();

 summary["english"] = "Check for the version of the qt3 packages";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");
if ( rpm_check( reference:"qt3-3.0.5-167", release:"SUSE8.1") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-non-mt-3.0.5-231", release:"SUSE8.1") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-static-3.0.5-159", release:"SUSE8.1") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-3.1.1-118", release:"SUSE8.2") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-non-mt-3.1.1-125", release:"SUSE8.2") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-static-3.1.1-124", release:"SUSE8.2") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-3.2.1-68", release:"SUSE9.0") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-non-mt-3.2.1-70", release:"SUSE9.0") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-static-3.2.1-70", release:"SUSE9.0") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-3.3.1-36.16", release:"SUSE9.1") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-non-mt-3.3.1-41.14", release:"SUSE9.1") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"qt3-static-3.3.1-41.14", release:"SUSE9.1") )
{
 security_hole(0);
 exit(0);
}
if (rpm_exists(rpm:"qt3-", release:"SUSE8.1")
 || rpm_exists(rpm:"qt3-", release:"SUSE8.2")
 || rpm_exists(rpm:"qt3-", release:"SUSE9.0")
 || rpm_exists(rpm:"qt3-", release:"SUSE9.1") )
{
 set_kb_item(name:"CVE-2004-0691", value:TRUE);
 set_kb_item(name:"CVE-2004-0692", value:TRUE);
 set_kb_item(name:"CVE-2004-0693", value:TRUE);
}
```

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2004-236-01.NASL
- description: New Qt packages are available for Slackware 9.0, 9.1, 10.0, and -current to fix security issues. Bugs in the routines that handle PNG, BMP, GIF, and JPEG images may allow an attacker to cause unauthorized code to execute when a specially crafted image file is processed. These flaws may also cause crashes that lead to a denial of service.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18767
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/18767
- title: Slackware 10.0 / 9.0 / 9.1 / current : Qt (SSA:2004-236-01)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-271.NASL
- description: During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14349
- published: 2004-08-23
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14349
- title: Fedora Core 2 : qt-3.3.3-0.1 (2004-271)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_BF2E7483D3FA440D8C6E8F1F2F018818.NASL
- description: Trevor Johnson reported that the Red Hat Linux RPMs used by linux_base contained multiple older vulnerabilities, such as a DNS resolver issue and critical bugs in X font handling and XPM image handling.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19106
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19106
- title: FreeBSD : linux_base -- vulnerabilities in Red Hat 7.1 libraries (bf2e7483-d3fa-440d-8c6e-8f1f2f018818)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-085.NASL
- description: Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty. These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others. The updated packages have been patched to correct these problems.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14334
- published: 2004-08-22
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14334
- title: Mandrake Linux Security Advisory : qt3 (MDKSA-2004:085)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_QT_333.NASL
- description: Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP image that could cause a Qt-using application to execute arbitrary code when it is loaded.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14340
- published: 2004-08-23
- reporter: This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/14340
- title: FreeBSD : qt -- image loader vulnerabilities (ebffe27a-f48c-11d8-9837-000c41e2cdad)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-270.NASL
- description: During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14348
- published: 2004-08-23
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14348
- title: Fedora Core 1 : qt-3.1.2-14.2 (2004-270)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-479.NASL
- description: Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0692 to these issues. These packages also contain a bug fix to lower the RGB output voltage on Dell servers using the ATI Radeon 7000m card. Users are advised to upgrade to these erratum packages which contain backported patches to correct these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15440
- published: 2004-10-08
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/15440
- title: RHEL 2.1 : XFree86 (RHSA-2004:479)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200408-20.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200408-20 (Qt: Image loader overflows) There are several unspecified bugs in the QImage class which may cause crashes or allow execution of arbitrary code as the user running the Qt application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image types. Impact : An attacker may exploit these bugs by causing a user to open a carefully-constructed image file in any one of these formats. This may be accomplished through e-mail attachments (if the user uses KMail), or by simply placing a malformed image on a website and then convincing the user to load the site in a Qt-based browser (such as Konqueror). Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Qt.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14576
- published: 2004-08-30
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14576
- title: GLSA-200408-20 : Qt: Image loader overflows

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-478.NASL
- description: Updated XFree86 packages that fix several security flaws in libXpm, as well as other bugs, are now available for Red Hat Enterprise Linux 3. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0692 to these issues. A flaw was found in the X Display Manager (XDM). XDM is shipped with Red Hat Enterprise Linux, but is not used by default. XDM opened a chooserFd TCP socket even if the DisplayManager.requestPort parameter was set to 0. This allowed authorized users to access a machine remotely via X, even if the administrator had configured XDM to refuse such connections. Although XFree86 4.3.0 was not vulnerable to this issue, Red Hat Enterprise Linux 3 contained a backported patch which introduced this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0419 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches to correct these and a number of other issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15426
- published: 2004-10-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/15426
- title: RHEL 3 : XFree86 (RHSA-2004:478)

Oval
accepted | 2013-04-29T04:04:41.443-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. |
family | unix |
id | oval:org.mitre.oval:def:10327 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. |
version | 27 |
Redhat
advisories | |
rpms | |
References
- http://marc.info/?l=bugtraq&m=110979666528890&w=2
- http://security.gentoo.org/glsa/glsa-200408-20.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1
- http://www.debian.org/security/2004/dsa-542
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:085
- http://www.novell.com/linux/security/advisories/2004_27_qt3.html
- http://www.redhat.com/support/errata/RHSA-2004-414.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17041
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10327