FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qt -- image loader vulnerabilities

Affected packages
qt < 3.3.3

Details

VuXML ID ebffe27a-f48c-11d8-9837-000c41e2cdad
Discovery 2004-08-11
Entry 2004-08-22

Qt contains several vulnerabilities related to image loading, including possible crashes when loading corrupt GIF, BMP, or JPEG images. Most seriously, Chris Evans reports that the BMP crash is actually due to a heap buffer overflow. It is believed that an attacker may be able to construct a BMP image that could cause a Qt-using application to execute arbitrary code when it is loaded.

References

CVE Name CVE-2004-0691
CVE Name CVE-2004-0692
CVE Name CVE-2004-0693
URL http://scary.beasts.org/security/CESA-2004-004.txt
URL http://www.trolltech.com/developer/changes/changes-3.3.3.html