{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2015-6114", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"name": "74307", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74307"}, {"name": "FEDORA-2015-6123", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"name": "74310", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74310"}, {"name": "GLSA-201603-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-10"}, {"name": "FEDORA-2015-6315", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"name": "FEDORA-2015-6364", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"name": "USN-2626-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"name": "FEDORA-2015-6252", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.334Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-6114", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"name": "74307", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74307"}, {"name": "FEDORA-2015-6123", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"name": "74310", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74310"}, {"name": "GLSA-201603-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-10"}, {"name": "FEDORA-2015-6315", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"name": "FEDORA-2015-6364", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"name": "USN-2626-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"name": "FEDORA-2015-6252", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1859", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.334Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer en plugins/imageformats/ico/qicohandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen ICO manipulada."}], "id": "CVE-2015-1859", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-05-12T19:59:05.957", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74307"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74310"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74310"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Richard Moore (KDE) for reporting this issue.", "bugzilla": {"description": "qt: segmentation fault in qicohandler.cpp", "id": "1210674", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210674"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-122->CWE-125->CWE-787->CWE-805", "details": ["Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.", "A memory corruption flaw was found in the way Qt handled certain Icon (ICO) files. If a user loaded a specially crafted ICO image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application."], "name": "CVE-2015-1859", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "qt4", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1859\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1859"], "threat_severity": "Moderate"}