CVE-2015-0295 - Numeric Errors vulnerability in multiple products

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2015-111-13.NASL
Description: New qt packages are available for Slackware 14.1, and -current to fix security issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 82926
Published: 2015-04-22
Reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/82926
Title: Slackware 14.1 / current : qt (SSA:2015-111-13)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-2866.NASL
Description: DoS vulnerability in the BMP image handler (CVE-2015-0295). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-05
Modified: 2015-03-09
Plugin id: 81680
Published: 2015-03-09
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/81680
Title: Fedora 22 : qt-4.8.6-25.fc22 (2015-2866)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-2897.NASL
Description: DoS vulnerability in the BMP image handler (CVE-2015-0295). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-05
Modified: 2015-03-09
Plugin id: 81682
Published: 2015-03-09
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/81682
Title: Fedora 20 : qt-4.8.6-25.fc20 (2015-2897)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-0977-1.NASL
Description: The libqt4 library was updated to fix several security issues:
  - CVE-2015-0295: Division by zero when processing malformed BMP files. (bsc#921999)
  - CVE-2015-1858: Segmentation fault in BMP Qt Image Format Handling. (bsc#927806)
  - CVE-2015-1859: Segmentation fault in ICO Qt Image Format Handling. (bsc#927807)
  - CVE-2015-1860: Segmentation fault in GIF Qt Image Format Handling. (bsc#927808)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 83946
Published: 2015-06-02
Reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/83946
Title: SUSE SLED11 / SLES11 Security Update : libqt4 (SUSE-SU-2015:0977-1)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2015-251.NASL
Description: KDE and QT were updated to fix security issues and bugs. The following vulnerabilities were fixed:
  - CVE-2014-0190: Malformed GIF files could have crashed QT based applications
  - CVE-2015-0295: Malformed BMP files could have crashed QT based applications
  - CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes
  - CVE-2014-8483: A missing size check in the Blowfish ECB could have led to a crash of Konversation or an 11 byte information leak
  - CVE-2014-3494: The KMail POP3 kioslave accepted invalid certificates and allowed a man-in-the-middle (MITM) attack
  Additionally, Konversation was updated to 1.5.1 to fix bugs.
Last seen: 2020-06-05
Modified: 2015-03-24
Plugin id: 82014
Published: 2015-03-24
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/82014
Title: openSUSE Security Update : kdebase4-runtime / kdelibs4 / konversation / etc (openSUSE-2015-251)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2626-1.NASL
Description: Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190) Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. (CVE-2015-0295) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1858) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed ICO images. If a user or automated system were tricked into opening a specially crafted ICO image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1859) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1860) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 83989
Published: 2015-06-04
Reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/83989
Title: Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qt4-x11, qtbase-opensource-src vulnerabilities (USN-2626-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-2901.NASL
Description: This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-05
Modified: 2015-03-10
Plugin id: 81715
Published: 2015-03-10
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/81715
Title: Fedora 20 : qt3-3.3.8b-62.fc20 (2015-2901)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-2869.NASL
Description: This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-05
Modified: 2015-03-10
Plugin id: 81713
Published: 2015-03-10
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/81713
Title: Fedora 22 : qt3-3.3.8b-62.fc22 (2015-2869)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1359-1.NASL
Description: The libqt4 library was updated to fix several security and non-security issues. The following vulnerabilities were fixed:
  - bsc#921999: CVE-2015-0295: division by zero when processing malformed BMP files
  - bsc#927806: CVE-2015-1858: segmentation fault in BMP Qt Image Format Handling
  - bsc#927807: CVE-2015-1859: segmentation fault in ICO Qt Image Format Handling
  - bsc#927808: CVE-2015-1860: segmentation fault in GIF Qt Image Format Handling
  The following non-security issues were fixed:
  - bsc#929688: Critical Problem in Qt Network Stack
  - bsc#847880: kde/qt rendering error in qemu cirrus i586
  - Update use-freetype-default.diff to use same method as with libqt5-qtbase package: Qt itself already does runtime check whether subpixel rendering is available, but only when FT_CONFIG_OPTION_SUBPIXEL_RENDERING is defined. Thus it is enough to only remove that condition
  - The -devel subpackage requires Mesa-devel, not only at build time
  - Fixed compilation on SLE_11_SP3 by making it build against Mesa-devel on that system
  - Replace patch l-qclipboard_fix_recursive.patch with qtcore-4.8.5-qeventdispatcher-recursive.patch. The latter one seems to work better and really resolves the issue in LibreOffice
  - Added kde4_qt_plugin_path.patch, so kde4 plugins are magically found/known outside kde4 environment/session
  - added _constraints. building took up to 7GB of disk space on s390x, and more than 6GB on x86_64
  - Add 3 patches for Qt bugs to make LibreOffice KDE4 file picker work properly again:
    - Add glib-honor-ExcludeSocketNotifiers-flag.diff (QTBUG-37380)
    - Add l-qclipboard_fix_recursive.patch (QTBUG-34614)
    - Add l-qclipboard_delay.patch (QTBUG-38585)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 85374
Published: 2015-08-13
Reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/85374
Title: SUSE SLED12 / SLES12 Security Update : libqt4 (SUSE-SU-2015:1359-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-2886.NASL
Description: This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-05
Modified: 2015-03-10
Plugin id: 81714
Published: 2015-03-10
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/81714
Title: Fedora 21 : qt3-3.3.8b-62.fc21 (2015-2886)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-6932.NASL
Description: Fix CVE-2015-0295, CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-05
Modified: 2015-05-04
Plugin id: 83215
Published: 2015-05-04
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/83215
Title: Fedora 22 : mingw-qt5-qtbase-5.4.1-2.fc22 (2015-6932)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-210.NASL
Description: This update fixes multiple security issues in the Qt library.
  - CVE-2013-0254: The QSharedMemory class uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
  - CVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860: Denial of service (via segmentation faults) through crafted images (BMP, GIF, ICO).
  NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-03-17
Modified: 2015-05-01
Plugin id: 83164
Published: 2015-05-01
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/83164
Title: Debian DLA-210-1 : qt4-x11 security update

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2381.NASL
Description: According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
  - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. (CVE-2013-4549)
  - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. (CVE-2018-19871)
  - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. (CVE-2018-15518)
  - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)
  - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. (CVE-2015-1858)
  - Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. (CVE-2015-1859)
  - Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. (CVE-2015-1860)
  - The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. (CVE-2015-0295)
  - The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. (CVE-2014-0190)
  Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-05-08
Modified: 2019-12-10
Plugin id: 131873
Published: 2019-12-10
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/131873
Title: EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-6925.NASL
Description: Fix CVE-2015-0295, CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-05
Modified: 2015-05-05
Plugin id: 83241
Published: 2015-05-05
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/83241
Title: Fedora 21 : mingw-qt5-qtbase-5.4.1-2.fc21 (2015-6925)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-2895.NASL
Description: DoS vulnerability in the BMP image handler (CVE-2015-0295). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-05
Modified: 2015-03-05
Plugin id: 81617
Published: 2015-03-05
Reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/81617
Title: Fedora 21 : qt-4.8.6-25.fc21 (2015-2895)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_C9C3374DC2C111E4B2365453ED2E2B49.NASL
Description: Richard J. Moore reports: The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would lead to a division by zero when loading certain corrupt BMP files. This in turn would cause the application loading these hand crafted BMPs to crash.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 81619
Published: 2015-03-05
Reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/81619
Title: FreeBSD : qt4-gui, qt5-gui -- DoS vulnerability in the BMP image handler (c9c3374d-c2c1-11e4-b236-5453ed2e2b49)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1383-1.NASL
Description: This security update fixes the following issues:
  - Add libqt5-Fix-a-division-by-zero-processing-malformed-BMP.patch - QTBUG-44547, bsc#921999 (CVE-2015-0295)
  - Add libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch - bsc#927806 (CVE-2015-1858), bsc#927807 (CVE-2015-1859)
  - Add libqt5-Fixes-crash-in-gif-image-decoder.patch - bsc#927808 (CVE-2015-1860)
  - Add libqt5-fix-use-after-free-bug.patch from upstream - fixes the use-after-free bug in backingstore, boo#870151
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 85504
Published: 2015-08-18
Reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/85504
Title: SUSE SLED12 / SLES12 Security Update : libqt5-qtbase (SUSE-SU-2015:1383-1)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2656.NASL
Description: According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
  - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)
  - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. (CVE-2018-19871)
  - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. (CVE-2015-1858)
  - Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. (CVE-2015-1860)
  - Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. (CVE-2015-1859)
  - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. (CVE-2013-4549)
  - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. (CVE-2018-15518)
  - The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. (CVE-2015-0295)
  - The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. (CVE-2014-0190)
  Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-05-08
Modified: 2019-12-18
Plugin id: 132191
Published: 2019-12-18
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/132191
Title: EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-2656)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
- http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
- http://www.securityfocus.com/bid/73029
- http://www.ubuntu.com/usn/USN-2626-1