CVE-2015-1858

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
digiaqt
𝑥
≤ 4.8.6
qtqt
5.0.0
qtqt
5.0.1
qtqt
5.0.2
qtqt
5.1.0
qtqt
5.2.0
qtqt
5.2.1
qtqt
5.3.0
qtqt
5.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qtbase-opensource-src
bookworm
5.15.8+dfsg-11+deb12u2
fixed
bullseye
5.15.2+dfsg-9+deb11u1
fixed
sid
5.15.15+dfsg-2
fixed
trixie
5.15.15+dfsg-2
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qt4-x11
artful
Fixed 4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7
released
bionic
Fixed 4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7
released
cosmic
Fixed 4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7
released
lucid
ignored
precise
Fixed 4:4.8.1-0ubuntu4.9
released
trusty
Fixed 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1
released
utopic
Fixed 4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1
released
vivid
Fixed 4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6.1
released
wily
Fixed 4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7
released
xenial
Fixed 4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7
released
yakkety
Fixed 4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7
released
zesty
Fixed 4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu7
released
qtbase-opensource-src
artful
ignored
bionic
not-affected
cosmic
not-affected
lucid
dne
precise
dne
trusty
Fixed 5.2.1+dfsg-1ubuntu14.3
released
utopic
Fixed 5.3.0+dfsg-2ubuntu9.1
released
vivid
Fixed 5.4.1+dfsg-2ubuntu4.1
released
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libQt5Concurrent5
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Core5
suse enterprise sap 12
5.3.1-4.4.2
fixed
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12
5.3.1-4.4.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5DBus5
suse enterprise sap 12
5.3.1-4.4.2
fixed
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12
5.3.1-4.4.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Gui5
suse enterprise sap 12
5.3.1-4.4.2
fixed
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12
5.3.1-4.4.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Network5
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5OpenGL5
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5PrintSupport5
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Sql5
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Sql5-mysql
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Sql5-postgresql
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Sql5-sqlite
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Sql5-unixODBC
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Test5
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Widgets5
suse enterprise sap 12
5.3.1-4.4.2
fixed
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12
5.3.1-4.4.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libQt5Xml5
suse enterprise sap 12 SP5
5.6.2-6.15.2
fixed
suse enterprise server 12 SP5
5.6.2-6.15.2
fixed
libqt4
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-32bit
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-qt3support
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-qt3support-32bit
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-32bit
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-mysql
suse enterprise sap 12
4.8.6-4.1
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-mysql-32bit
suse enterprise desktop 12
4.8.6-4.1
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-4.1
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.6-4.1
fixed
suse enterprise server 12
4.8.6-4.1
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.6-4.1
fixed
suse enterprise workstation 12
4.8.6-4.1
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.6-4.1
fixed
libqt4-sql-postgresql
suse enterprise desktop 12
4.8.6-4.1
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-4.1
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.6-4.1
fixed
suse enterprise server 12
4.8.6-4.1
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.6-4.1
fixed
suse enterprise workstation 12
4.8.6-4.1
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.6-4.1
fixed
libqt4-sql-postgresql-32bit
suse enterprise desktop 12
4.8.6-4.1
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-4.1
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.6-4.1
fixed
suse enterprise server 12
4.8.6-4.1
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.6-4.1
fixed
suse enterprise workstation 12
4.8.6-4.1
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.6-4.1
fixed
libqt4-sql-sqlite
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-sqlite-32bit
suse enterprise desktop 12
4.8.6-4.2
fixed
suse enterprise desktop 12 SP1
4.8.6-4.2
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP1
4.8.6-4.2
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.6-4.2
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP1
4.8.6-4.2
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.6-4.2
fixed
suse enterprise workstation 12
4.8.6-4.2
fixed
suse enterprise workstation 12 SP1
4.8.6-4.2
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.6-4.2
fixed
libqt4-sql-unixODBC
suse enterprise desktop 12
4.8.6-4.1
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-4.1
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.6-4.1
fixed
suse enterprise server 12
4.8.6-4.1
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.6-4.1
fixed
suse enterprise workstation 12
4.8.6-4.1
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.6-4.1
fixed
libqt4-sql-unixODBC-32bit
suse enterprise desktop 12
4.8.6-4.1
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-4.1
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.6-4.1
fixed
suse enterprise server 12
4.8.6-4.1
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.6-4.1
fixed
suse enterprise workstation 12
4.8.6-4.1
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.6-4.1
fixed
libqt4-x11
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-x11-32bit
suse enterprise sap 12
4.8.6-4.2
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.2
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
qt4-x11-tools
suse enterprise sap 12
4.8.6-4.6
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-4.6
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
http://www.securityfocus.com/bid/74309
http://www.ubuntu.com/usn/USN-2626-1
https://codereview.qt-project.org/#/c/108312/
https://security.gentoo.org/glsa/201603-10
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
http://www.securityfocus.com/bid/74309
http://www.ubuntu.com/usn/USN-2626-1
https://codereview.qt-project.org/#/c/108312/
https://security.gentoo.org/glsa/201603-10