FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qt4-gui, qt5-gui -- DoS vulnerability in the BMP image handler

Affected packages
qt4-gui < 4.8.6_4
qt5-gui < 5.3.2_2

Details

VuXML ID c9c3374d-c2c1-11e4-b236-5453ed2e2b49
Discovery 2015-02-22
Entry 2015-03-05

Richard J. Moore reports:

The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would lead to a division by zero when loading certain corrupt BMP files. This in turn would cause the application loading these hand crafted BMPs to crash.

References

CVE Name CVE-2015-0295
Message http://lists.qt-project.org/pipermail/announce/2015-February/000059.html