ID CVE-2004-0692
Summary The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
References
Vulnerable Configurations
  • cpe:2.3:a:trolltech:qt:3.3.3
    cpe:2.3:a:trolltech:qt:3.3.3
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-414.NASL
    description Updated qt packages that fix security issues in several of the image decoders are now available. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0691 to this issue. Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0692 and CVE-2004-0693 to these issues. Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14326
    published 2004-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14326
    title RHEL 2.1 / 3 : qt (RHSA-2004:414)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200408-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200408-20 (Qt: Image loader overflows) There are several unspecified bugs in the QImage class which may cause crashes or allow execution of arbitrary code as the user running the Qt application. These bugs affect the PNG, XPM, BMP, GIF and JPEG image types. Impact : An attacker may exploit these bugs by causing a user to open a carefully-constructed image file in any one of these formats. This may be accomplished through e-mail attachments (if the user uses KMail), or by simply placing a malformed image on a website and then convicing the user to load the site in a Qt-based browser (such as Konqueror). Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Qt.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 14576
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14576
    title GLSA-200408-20 : Qt: Image loader overflows
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-542.NASL
    description Several vulnerabilities were discovered in recent versions of Qt, a commonly used graphic widget set, used in KDE for example. The first problem allows an attacker to execute arbitrary code, while the other two only seem to pose a denial of service danger. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-0691 : Chris Evans has discovered a heap-based overflow when handling 8-bit RLE encoded BMP files. - CAN-2004-0692 : Marcus Meissner has discovered a crash condition in the XPM handling code, which is not yet fixed in Qt 3.3. - CAN-2004-0693 : Marcus Meissner has discovered a crash condition in the GIF handling code, which is not yet fixed in Qt 3.3.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15379
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15379
    title Debian DSA-542-1 : qt - unsanitised input
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-085.NASL
    description Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty. These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others. The updated packages have been patched to correct these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14334
    published 2004-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14334
    title Mandrake Linux Security Advisory : qt3 (MDKSA-2004:085)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-236-01.NASL
    description New Qt packages are available for Slackware 9.0, 9.1, 10.0, and -current to fix security issues. Bugs in the routines that handle PNG, BMP, GIF, and JPEG images may allow an attacker to cause unauthorized code to execute when a specially crafted image file is processed. These flaws may also cause crashes that lead to a denial of service.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 18767
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18767
    title Slackware 10.0 / 9.0 / 9.1 / current : Qt (SSA:2004-236-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2004_027.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static). The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE. There is a heap overflow in the BMP image format parser. An attacker, exploiting this flaw, would need to be able to coerce a local user or program to process a specially crafted image file. Upon successful exploitation, the attacker would be able to execute arbitrary code. In addition, there are 2 distinct flaws within the XPM parser which, when exploited, lead to a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2010-10-06
    plugin id 14322
    published 2004-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14322
    title SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-478.NASL
    description Updated XFree86 packages that fix several security flaws in libXpm, as well as other bugs, are now available for Red Hat Enterprise Linux 3. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0692 to these issues. A flaw was found in the X Display Manager (XDM). XDM is shipped with Red Hat Enterprise Linux, but is not used by default. XDM opened a chooserFd TCP socket even if the DisplayManager.requestPort parameter was set to 0. This allowed authorized users to access a machine remotely via X, even if the administrator had configured XDM to refuse such connections. Although XFree86 4.3.0 was not vulnerable to this issue, Red Hat Enterprise Linux 3 contained a backported patch which introduced this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0419 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches to correct these and a number of other issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15426
    published 2004-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15426
    title RHEL 3 : XFree86 (RHSA-2004:478)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_QT_333.NASL
    description Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP image that could cause a Qt-using application to execute arbitrary code when it is loaded.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 14340
    published 2004-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14340
    title FreeBSD : qt -- image loader vulnerabilities (ebffe27a-f48c-11d8-9837-000c41e2cdad)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-479.NASL
    description Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0692 to these issues. These packages also contain a bug fix to lower the RGB output voltage on Dell servers using the ATI Radeon 7000m card. Users are advised to upgrade to these erratum packages which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15440
    published 2004-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15440
    title RHEL 2.1 : XFree86 (RHSA-2004:479)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BF2E7483D3FA440D8C6E8F1F2F018818.NASL
    description Trevor Johnson reported that the Red Hat Linux RPMs used by linux_base contained multiple older vulnerabilities, such as a DNS resolver issue and critical bugs in X font handling and XPM image handling.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 19106
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19106
    title FreeBSD : linux_base -- vulnerabilities in Red Hat 7.1 libraries (bf2e7483-d3fa-440d-8c6e-8f1f2f018818)
oval via4
accepted 2013-04-29T04:04:41.443-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
family unix
id oval:org.mitre.oval:def:10327
status accepted
submitted 2010-07-09T03:56:16-04:00
title The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
version 24
redhat via4
advisories
rhsa
id RHSA-2004:414
refmap via4
debian DSA-542
fedora FLSA:2314
gentoo GLSA-200408-20
mandrake MDKSA-2004:085
sunalert 201610
suse SUSE-SA:2004:027
xf qt-xpm-dos(17041)
Last major update 17-10-2016 - 22:47
Published 28-09-2004 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top