5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.044 Low
EPSS
Percentile
92.3%
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the
masks used to extract the color components, which allows remote attackers
to cause a denial of service (divide-by-zero and crash) via a crafted BMP
file.
Author | Note |
---|---|
mdeslaur | debian released 4:4.8.6+git64-g5dc8b2b+dfsg-3 with this fix, but ubuntu’s package was based on an unreleased snapshot and didn’t include the patch. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | qt4-x11 | < 4:4.8.1-0ubuntu4.9 | UNKNOWN |
ubuntu | 14.04 | noarch | qt4-x11 | < 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1 | UNKNOWN |
ubuntu | 14.10 | noarch | qt4-x11 | < 4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1 | UNKNOWN |
ubuntu | 15.04 | noarch | qt4-x11 | < 4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6.1 | UNKNOWN |
ubuntu | 14.04 | noarch | qtbase-opensource-src | < 5.2.1+dfsg-1ubuntu14.3 | UNKNOWN |
ubuntu | 14.10 | noarch | qtbase-opensource-src | < 5.3.0+dfsg-2ubuntu9.1 | UNKNOWN |