FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qt -- image loader vulnerabilities

Affected packages
qt < 3.3.3


VuXML ID ebffe27a-f48c-11d8-9837-000c41e2cdad
Discovery 2004-08-11
Entry 2004-08-22

Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP image that could cause a Qt-using application to execute arbitrary code when it is loaded.


CVE Name CVE-2004-0691
CVE Name CVE-2004-0692
CVE Name CVE-2004-0693