FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-30 04:04:33 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5713bfda-e27d-11e4-b2ce-5453ed2e2b49	qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling Richard J. Moore reports: Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution. Discovery 2015-04-12 Entry 2015-04-14 qt4-imageformats < 4.8.6_3 qt4-gui < 4.8.6_5 qt5-gui < 5.4.1_1 http://lists.qt-project.org/pipermail/announce/2015-April/000067.html CVE-2015-1858 CVE-2015-1859 CVE-2015-1860
904d78b8-0f7e-11e4-8b71-5453ed2e2b49	qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler Richard J. Moore reports: The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug that would lead to a null pointer dereference when loading certain hand crafted corrupt GIF files. This in turn would cause the application loading these hand crafted GIFs to crash. Discovery 2014-04-24 Entry 2014-07-19 Modified 2014-07-21 qt4-imageformats < 4.8.6_1 qt5-gui < 5.2.1_4 CVE-2014-0190 67087 http://lists.qt-project.org/pipermail/announce/2014-April/000045.html

VuXML ID

Description

5713bfda-e27d-11e4-b2ce-5453ed2e2b49

qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling

Richard J. Moore reports:

Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution.

Discovery 2015-04-12
Entry 2015-04-14
qt4-imageformats

< 4.8.6_3

qt4-gui

< 4.8.6_5

qt5-gui

< 5.4.1_1

http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1858
CVE-2015-1859
CVE-2015-1860

904d78b8-0f7e-11e4-8b71-5453ed2e2b49

qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler

Richard J. Moore reports:

The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug that would lead to a null pointer dereference when loading certain hand crafted corrupt GIF files. This in turn would cause the application loading these hand crafted GIFs to crash.

Discovery 2014-04-24
Entry 2014-07-19
Modified 2014-07-21
qt4-imageformats

< 4.8.6_1

qt5-gui

< 5.2.1_4

CVE-2014-0190
67087
http://lists.qt-project.org/pipermail/announce/2014-April/000045.html