CVE-2015-1860

2015-05-1219:59:00

CWE-119

[email protected]

web.nvd.nist.gov

buffer overflow

qtbase

denial of service

remote attackers

arbitrary code

gif image

cve-2015-1860

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.2%

JSON

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq20
fedoraproject:fedorafedoraproject fedoraeq21
digia:qtdigia qtle4.8.6
qt:qtqteq5.0.1
qt:qtqteq5.0.0
qt:qtqteq5.1.0
qt:qtqteq5.2.0
qt:qtqteq5.3.0
qt:qtqteq5.4.1

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	20
fedoraproject:fedora	fedoraproject fedora	eq	21
digia:qt	digia qt	le	4.8.6
qt:qt	qt	eq	5.0.1
qt:qt	qt	eq	5.0.0
qt:qt	qt	eq	5.1.0
qt:qt	qt	eq	5.2.0
qt:qt	qt	eq	5.3.0
qt:qt	qt	eq	5.4.1