Unrated severity · NVD Advisory · Published Mar 25, 2015 · Updated May 6, 2026
CVE-2015-0295
Description
The BMP decoder in QtGui in Qt before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
Affected products
osv-coords (19 versions)
- pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweed (no CPE), range: < 5.7.0-2.2
- pkg:rpm/opensuse/qt3&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.3.8c-140.6
- pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE), range: < 4.8.6-4.6
- pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE), range: < 4.8.6-4.6
- pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 (no CPE), range: < 4.8.6-4.6
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (no CPE), range: < 4.8.6-4.2
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE), range: < 4.8.6-4.2
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE), range: < 4.8.6-4.2
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 (no CPE), range: < 4.8.6-4.2
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012 (no CPE), range: < 4.8.6-4.2
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (no CPE), range: < 4.8.6-4.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE), range: < 4.8.6-4.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE), range: < 4.8.6-4.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 (no CPE), range: < 4.8.6-4.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012 (no CPE), range: < 4.8.6-4.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (no CPE), range: < 5.3.1-4.4.2
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE), range: < 5.3.1-4.4.2
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE), range: < 5.3.1-4.4.2
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 (no CPE), range: < 5.3.1-4.4.2
Patches
No patches discovered yet.
References
- lists.qt-project.org/pipermail/announce/2015-February/000059.html (nvd, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html (nvd)
- lists.opensuse.org/opensuse-updates/2015-03/msg00068.html (nvd)
- www.securityfocus.com/bid/73029 (nvd)
- www.ubuntu.com/usn/USN-2626-1 (nvd)