ID CVE-2004-0691
Summary Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:trolltech:qt:3.3.3
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description Qt BMP Parsing Bug Heap Overflow Exploit. CVE-2004-0691. Remote exploit for linux platform
id EDB-ID:408
last seen 2016-01-31
modified 2004-08-21
published 2004-08-21
reporter infamous41md
source https://www.exploit-db.com/download/408/
title Qt BMP Parsing Bug Heap Overflow Exploit
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-414.NASL
    description Updated qt packages that fix security issues in several of the image decoders are now available. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14326
    published 2004-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14326
    title RHEL 2.1 / 3 : qt (RHSA-2004:414)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200408-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200408-20 (Qt: Image loader overflows) There are several unspecified bugs in the QImage class which may cause crashes or allow execution of arbitrary code as the user running the Qt application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image types. Impact : An attacker may exploit these bugs by causing a user to open a carefully-constructed image file in any one of these formats. This may be accomplished through e-mail attachments (if the user uses KMail), or by simply placing a malformed image on a website and then convincing the user to load the site in a Qt-based browser (such as Konqueror). Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Qt.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 14576
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14576
    title GLSA-200408-20 : Qt: Image loader overflows
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-271.NASL
    description During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14349
    published 2004-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14349
    title Fedora Core 2 : qt-3.3.3-0.1 (2004-271)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-270.NASL
    description During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14348
    published 2004-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14348
    title Fedora Core 1 : qt-3.1.2-14.2 (2004-270)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-542.NASL
    description Several vulnerabilities were discovered in recent versions of Qt, a commonly used graphic widget set, used in KDE for example. The first problem allows an attacker to execute arbitrary code, while the other two only seem to pose a denial of service danger. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-0691 : Chris Evans has discovered a heap-based overflow when handling 8-bit RLE encoded BMP files. - CAN-2004-0692 : Marcus Meissner has discovered a crash condition in the XPM handling code, which is not yet fixed in Qt 3.3. - CAN-2004-0693 : Marcus Meissner has discovered a crash condition in the GIF handling code, which is not yet fixed in Qt 3.3.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15379
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15379
    title Debian DSA-542-1 : qt - unsanitised input
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-085.NASL
    description Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty. These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others. The updated packages have been patched to correct these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14334
    published 2004-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14334
    title Mandrake Linux Security Advisory : qt3 (MDKSA-2004:085)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-236-01.NASL
    description New Qt packages are available for Slackware 9.0, 9.1, 10.0, and -current to fix security issues. Bugs in the routines that handle PNG, BMP, GIF, and JPEG images may allow an attacker to cause unauthorized code to execute when a specially crafted image file is processed. These flaws may also cause crashes that lead to a denial of service.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 18767
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18767
    title Slackware 10.0 / 9.0 / 9.1 / current : Qt (SSA:2004-236-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2004_027.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static). The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE. There is a heap overflow in the BMP image format parser. An attacker, exploiting this flaw, would need to be able to coerce a local user or program to process a specially crafted image file. Upon successful exploitation, the attacker would be able to execute arbitrary code. In addition, there are 2 distinct flaws within the XPM parser which, when exploited, lead to a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2010-10-06
    plugin id 14322
    published 2004-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14322
    title SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_QT_333.NASL
    description Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP image that could cause a Qt-using application to execute arbitrary code when it is loaded.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 14340
    published 2004-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14340
    title FreeBSD : qt -- image loader vulnerabilities (ebffe27a-f48c-11d8-9837-000c41e2cdad)
oval via4
accepted 2013-04-29T04:19:42.398-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
family unix
id oval:org.mitre.oval:def:9485
status accepted
submitted 2010-07-09T03:56:16-04:00
title Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
version 24
redhat via4
advisories
rhsa
id RHSA-2004:414
refmap via4
bugtraq 20040818 CESA-2004-004: qt
debian DSA-542
gentoo GLSA-200408-20
mandrake MDKSA-2004:085
sunalert 201610
suse SUSE-SA:2004:027
xf qt-bmp-bo(17040)
Last major update 17-10-2016 - 22:47
Published 28-09-2004 - 00:00
Last modified 10-10-2017 - 21:29