Fluid Attacks Database

Description

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	qtbase-opensource-src	>=0 <5.3.2+dfsg-5	5.3.2+dfsg-5
debian 12	qtbase-opensource-src	>=0 <5.3.2+dfsg-5	5.3.2+dfsg-5
debian 13	qtbase-opensource-src	>=0 <5.3.2+dfsg-5	5.3.2+dfsg-5
rpm rhel6	qt	-	-
debian 14	qtbase-opensource-src	>=0 <5.3.2+dfsg-5	5.3.2+dfsg-5
rpm rhel7	qt	-	-
rpm rhel5	qt4	-	-
rpm rhel6	qt3	-	-
rpm rhel5	qt	-	-
rpm rhel7	qt3	-	-

Aliases

1. CVE-2015-02952. NVD-2015-02953. OSV-DEBIAN-2015-02954. OSV-2015-02955. SECURITY-TRACKER-CVE-2015-0295

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.