Unrated severityNVD Advisory· Published May 12, 2015· Updated May 6, 2026

CVE-2015-1860

Description

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

Affected products

osv-coords18 versions
pkg:rpm/opensuse/qt3&distro=openSUSE%20Tumbleweed pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 3.3.8c-140.6+ 17 more
- (no CPE)range: < 3.3.8c-140.6
- (no CPE)range: < 4.8.6-4.6
- (no CPE)range: < 4.8.6-4.6
- (no CPE)range: < 4.8.6-4.6
- (no CPE)range: < 4.8.6-4.2
- (no CPE)range: < 4.8.6-4.2
- (no CPE)range: < 4.8.6-4.2
- (no CPE)range: < 4.8.6-4.2
- (no CPE)range: < 4.8.6-4.2
- (no CPE)range: < 4.8.6-4.1
- (no CPE)range: < 4.8.6-4.1
- (no CPE)range: < 4.8.6-4.1
- (no CPE)range: < 4.8.6-4.1
- (no CPE)range: < 4.8.6-4.1
- (no CPE)range: < 5.3.1-4.4.2
- (no CPE)range: < 5.3.1-4.4.2
- (no CPE)range: < 5.3.1-4.4.2
- (no CPE)range: < 5.3.1-4.4.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.htmlnvdPatchThird Party Advisory
lists.qt-project.org/pipermail/announce/2015-April/000067.htmlnvdPatchVendor Advisory
codereview.qt-project.orgnvdPatch
lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.htmlnvdThird Party Advisory
www.securityfocus.com/bid/74302nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2626-1nvd
security.gentoo.org/glsa/201603-10nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000