ID CVE-2014-0190
Summary The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
References
Vulnerable Configurations
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • Digia Qt 4.0.0
    cpe:2.3:a:digia:qt:4.0.0
  • Digia Qt 4.0.1
    cpe:2.3:a:digia:qt:4.0.1
  • Digia Qt 4.1.0
    cpe:2.3:a:digia:qt:4.1.0
  • Digia Qt 4.1.1
    cpe:2.3:a:digia:qt:4.1.1
  • Digia Qt 4.1.2
    cpe:2.3:a:digia:qt:4.1.2
  • Digia Qt 4.1.3
    cpe:2.3:a:digia:qt:4.1.3
  • Digia Qt 4.1.4
    cpe:2.3:a:digia:qt:4.1.4
  • Digia Qt 4.1.5
    cpe:2.3:a:digia:qt:4.1.5
  • Digia Qt 4.2.0
    cpe:2.3:a:digia:qt:4.2.0
  • Digia Qt 4.2.1
    cpe:2.3:a:digia:qt:4.2.1
  • Digia Qt 4.2.3
    cpe:2.3:a:digia:qt:4.2.3
  • Digia Qt 4.3.0
    cpe:2.3:a:digia:qt:4.3.0
  • Digia Qt 4.3.1
    cpe:2.3:a:digia:qt:4.3.1
  • Digia Qt 4.3.2
    cpe:2.3:a:digia:qt:4.3.2
  • Digia Qt 4.3.3
    cpe:2.3:a:digia:qt:4.3.3
  • Digia Qt 4.3.4
    cpe:2.3:a:digia:qt:4.3.4
  • Digia Qt 4.3.5
    cpe:2.3:a:digia:qt:4.3.5
  • Digia Qt 4.4.0
    cpe:2.3:a:digia:qt:4.4.0
  • Digia Qt 4.4.1
    cpe:2.3:a:digia:qt:4.4.1
  • Digia Qt 4.4.2
    cpe:2.3:a:digia:qt:4.4.2
  • Digia Qt 4.4.3
    cpe:2.3:a:digia:qt:4.4.3
  • Digia Qt 4.5.0
    cpe:2.3:a:digia:qt:4.5.0
  • Digia Qt 4.5.1
    cpe:2.3:a:digia:qt:4.5.1
  • Digia Qt 4.5.2
    cpe:2.3:a:digia:qt:4.5.2
  • Digia Qt 4.5.3
    cpe:2.3:a:digia:qt:4.5.3
  • Digia Qt 4.6.0
    cpe:2.3:a:digia:qt:4.6.0
  • Digia Qt 4.6.0 release candidate 1
    cpe:2.3:a:digia:qt:4.6.0:rc1
  • Digia Qt 4.6.1
    cpe:2.3:a:digia:qt:4.6.1
  • Digia Qt 4.6.2
    cpe:2.3:a:digia:qt:4.6.2
  • Digia Qt 4.6.3
    cpe:2.3:a:digia:qt:4.6.3
  • Digia Qt 4.6.4
    cpe:2.3:a:digia:qt:4.6.4
  • Digia Qt 4.6.5
    cpe:2.3:a:digia:qt:4.6.5
  • Digia Qt 4.6.5 Release Candidate
    cpe:2.3:a:digia:qt:4.6.5:rc
  • Digia Qt 4.7.0
    cpe:2.3:a:digia:qt:4.7.0
  • Digia Qt 4.7.1
    cpe:2.3:a:digia:qt:4.7.1
  • Digia Qt 4.7.2
    cpe:2.3:a:digia:qt:4.7.2
  • Digia Qt 4.7.3
    cpe:2.3:a:digia:qt:4.7.3
  • Digia Qt 4.7.4
    cpe:2.3:a:digia:qt:4.7.4
  • Digia Qt 4.7.5
    cpe:2.3:a:digia:qt:4.7.5
  • Digia Qt 4.7.6
    cpe:2.3:a:digia:qt:4.7.6
  • Digia Qt 4.7.6 Release Candidate
    cpe:2.3:a:digia:qt:4.7.6:rc
  • Digia Qt 4.8.0
    cpe:2.3:a:digia:qt:4.8.0
  • Digia Qt 4.8.1
    cpe:2.3:a:digia:qt:4.8.1
  • Digia Qt 4.8.2
    cpe:2.3:a:digia:qt:4.8.2
  • Digia Qt 4.8.3
    cpe:2.3:a:digia:qt:4.8.3
  • Digia Qt 4.8.4
    cpe:2.3:a:digia:qt:4.8.4
  • Digia Qt 4.8.5
    cpe:2.3:a:digia:qt:4.8.5
  • Digia Qt 5.0.0
    cpe:2.3:a:digia:qt:5.0.0
  • Digia Qt 5.0.1
    cpe:2.3:a:digia:qt:5.0.1
  • Digia Qt 5.0.2
    cpe:2.3:a:digia:qt:5.0.2
  • Digia Qt 5.1.0
    cpe:2.3:a:digia:qt:5.1.0
  • Digia Qt 5.2.0
    cpe:2.3:a:digia:qt:5.2.0
  • Digia Qt 5.2.1
    cpe:2.3:a:digia:qt:5.2.1
  • Fedora 20
    cpe:2.3:o:fedoraproject:fedora:20
CVSS
Base: 4.3 (as of 25-09-2015 - 12:43)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_904D78B80F7E11E48B715453ED2E2B49.NASL
    description Richard J. Moore reports : The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug that would lead to a NULL pointer dereference when loading certain hand crafted corrupt GIF files. This in turn would cause the application loading these hand crafted GIFs to crash.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 76615
    published 2014-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76615
    title FreeBSD : qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler (904d78b8-0f7e-11e4-8b71-5453ed2e2b49)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-5695.NASL
    description New upstream stable bugfix release, as well as a fix for : - DoS vulnerability in the GIF image handler (QTBUG-38367) See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-releas ed/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 73817
    published 2014-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73817
    title Fedora 20 : qt-4.8.6-2.fc20 (2014-5695)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-25 (QtGui: Denial of Service) A NULL pointer dereference has been found in QtGui. Impact : A remote attacker could send a specially crafted GIF image, possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79978
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79978
    title GLSA-201412-25 : QtGui: Denial of Service
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6922.NASL
    description This update fixes a DoS in the Qt 3 GIF image handler (CVE-2014-0190, QTBUG-38367), through a patch backported from Qt 4. It also fixes the path settings in qt.sh for ppc64le, and in qt.csh for both ppc64 and ppc64le. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74409
    published 2014-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74409
    title Fedora 20 : qt3-3.3.8b-58.fc20 (2014-6922)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6003.NASL
    description - Update to 4.8.6 - Fix DoS vulnerability in the GIF image handler (QTBUG-38367) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74001
    published 2014-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74001
    title Fedora 20 : mingw-qt-4.8.6-1.fc20 (2014-6003)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6896.NASL
    description This update fixes a DoS in the Qt 3 GIF image handler (CVE-2014-0190, QTBUG-38367), through a patch backported from Qt 4. It also fixes the path settings in qt.sh for ppc64le, and in qt.csh for both ppc64 and ppc64le. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74405
    published 2014-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74405
    title Fedora 19 : qt3-3.3.8b-58.fc19 (2014-6896)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-5988.NASL
    description Fix invalid reference to qtmain when using CMake (RHBZ #1092465) Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 73999
    published 2014-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73999
    title Fedora 20 : mingw-qt5-qtbase-5.2.1-3.fc20 (2014-5988)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-5999.NASL
    description - Fix invalid reference to qtmain when using CMake (RHBZ #1092465) - Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74000
    published 2014-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74000
    title Fedora 19 : mingw-qt5-qtbase-5.2.1-3.fc19 (2014-5999)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6083.NASL
    description New upstream stable bugfix release, as well as a fix for : DoS vulnerability in the GIF image handler (QTBUG-38367). See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 74165
    published 2014-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74165
    title Fedora 19 : qt-4.8.6-5.fc19 (2014-6083)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6028.NASL
    description - Update to 4.8.6 - Fix DoS vulnerability in the GIF image handler (QTBUG-38367) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 74002
    published 2014-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74002
    title Fedora 19 : mingw-qt-4.8.6-1.fc19 (2014-6028)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2626-1.NASL
    description Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190) Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. (CVE-2015-0295) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1858) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed ICO images. If a user or automated system were tricked into opening a specially crafted ICO image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1859) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1860). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 83989
    published 2015-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83989
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qt4-x11, qtbase-opensource-src vulnerabilities (USN-2626-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-251.NASL
    description KDE and QT were updated to fix security issues and bugs. The following vulerabilities were fixed : - CVE-2014-0190: Malformed GIF files could have crashed QT based applications - CVE-2015-0295: Malformed BMP files could have crashed QT based applications - CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes - CVE-2014-8483: A missing size check in the Blowfish ECB could have lead to a crash of Konversation or 11 byte information leak - CVE-2014-3494: The KMail POP3 kioslave accepted invalid certifiates and allowed a man-in-the-middle (MITM) attack Additionally, Konversation was updated to 1.5.1 to fix bugs.
    last seen 2019-02-21
    modified 2015-03-24
    plugin id 82014
    published 2015-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82014
    title openSUSE Security Update : kdebase4-runtime / kdelibs4 / konversation / etc (openSUSE-2015-251)
refmap via4
bid 67087
confirm https://bugs.kde.org/show_bug.cgi?id=333404
fedora
  • FEDORA-2014-5695
  • FEDORA-2014-6896
  • FEDORA-2014-6922
mlist [Announce] 20140424 Qt Security Advisory: DoS vulnerability in the GIF image handler
suse openSUSE-SU-2015:0573
ubuntu USN-2626-1
Last major update 30-12-2016 - 21:59
Published 08-05-2014 - 10:29
Last modified 30-10-2018 - 12:27
Back to Top