QtGui: Multiple vulnerabilities — GLSA 201603-10

Multiple vulnerabilities have been found in QtGui allowing remote attackers to execute arbitrary code or cause Denial of Service.

Affected Packages

dev-qt/qtgui on all architectures
Affected versions < 5.4.1-r1
Unaffected versions >= 5.4.1-r1
revision >= 4.8.6-r4
revision >= 4.8.7

Background

QtGui is the GUI module and platform plugins for the Qt framework

Description

Multiple buffer overflow vulnerabilities have been discovered in QtGui. It is possible for remote attackers to construct specially crafted BMP, ICO, or GIF images that lead to buffer overflows. After successfully overflowing the buffer the remote attacker can then cause a Denial of Service or execute arbitrary code.

Impact

A remote attacker could possibly execute arbitrary code or cause Denial of Service.

Workaround

There is no known work around at this time.

Resolution

All QtGui 4.8 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.6-r4"
 

All QtGui 5.4 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.4.1-r1"
 

References

Release Date
March 12, 2016

Latest Revision
March 12, 2016: 2

Severity
normal

Exploitable
remote

Bugzilla entries