[Announce] Qt Security Advisory: DoS vulnerability in the GIF image handler

List for announcements regarding Qt releases and development announce at qt-project.org
Thu Apr 24 20:48:21 CEST 2014


Qt Project Security Advisory
----------------------------

Title:        DoS vulnerability in the GIF image handler
Risk Rating:  Low
CVE:          CVE-2014-0190
Platforms:    All
Modules:      QtBase
Versions:     All versions before 5.3
Author:       Richard J. Moore <rich at kde.org> and Lars Knoll <lars.knoll at digia.com>
Date:         24 April 2014

Overview
--------

The built-in GIF decoder in QtGui prior to Qt 5.3 contained a bug that would lead
to a null pointer dereference when loading certain hand-crafted corrupt GIF files.
This in turn would cause the application loading these hand-crafted GIFs to crash.

Details
-------

It is possible to construct GIF files with invalid width and height specifications that
would cause Qt to not create an image for them. The resulting null pointer for the
image data would then be dereferenced for writing, leading to a crash in the
application. Qt versions prior to 5.3 did not properly check for the image data being
null before accessing it.
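
The defensive pattern described above, as an added example that is not Qt's code or the patch itself: a decode step that checks for a failed image allocation before the first pixel write. `Canvas`, `makeCanvas`, `readScreenSize`, `decodeFirstPixel`, `sampleHeader` and the `kMaxPixels` cap are hypothetical names and assumptions; the model takes the dimensions from the GIF logical screen descriptor and treats zero or oversized values as the case where no image is created.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>

// Hypothetical stand-in for an image object whose creation can fail.
struct Canvas {
    int width, height;
    std::vector<uint8_t> pixels;  // one palette index per pixel
};

const int64_t kMaxPixels = 64LL * 1024 * 1024;  // assumed policy cap

// Returns nullptr when no image can be created for the given dimensions.
std::unique_ptr<Canvas> makeCanvas(int w, int h) {
    if (w <= 0 || h <= 0 || int64_t(w) * h > kMaxPixels) return nullptr;
    std::unique_ptr<Canvas> c(new Canvas{w, h, {}});
    c->pixels.assign(size_t(w) * size_t(h), 0);
    return c;
}

// GIF logical screen descriptor: 6-byte signature, then 16-bit
// little-endian width and height.
bool readScreenSize(const std::vector<uint8_t>& d, int& w, int& h) {
    if (d.size() < 10 || d[0] != 'G' || d[1] != 'I' || d[2] != 'F') return false;
    w = d[6] | (d[7] << 8);
    h = d[8] | (d[9] << 8);
    return true;
}

enum class Decode { Ok, BadHeader, NoImage };

// Decode step with the null check placed before the first pixel write.
Decode decodeFirstPixel(const std::vector<uint8_t>& data, uint8_t value) {
    int w = 0, h = 0;
    if (!readScreenSize(data, w, h)) return Decode::BadHeader;
    std::unique_ptr<Canvas> canvas = makeCanvas(w, h);
    if (!canvas) return Decode::NoImage;  // fail the decode, do not write
    canvas->pixels[0] = value;            // safe: at least one pixel exists
    return Decode::Ok;
}

// Constructed sample input: a bare 10-byte header, not a complete GIF.
std::vector<uint8_t> sampleHeader(int w, int h) {
    return {'G', 'I', 'F', '8', '9', 'a',
            uint8_t(w & 0xff), uint8_t(w >> 8), uint8_t(h & 0xff), uint8_t(h >> 8)};
}
```

Returning an error state from the decoder lets the calling application report a failed load instead of crashing on the write.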

Impact
------

An application loading the malicious GIF file will crash.

Workaround
----------

None

Solution
--------

Upgrade to Qt 5.3 once released or apply the patches below:

For Qt 5.0 to 5.2:

https://codereview.qt-project.org/#change,84034

For Qt 4.8:

https://codereview.qt-project.org/#change,84035

Credits
-------

The Qt security team would like to thank Wolfgang Schenk for reporting the issue and Rich Moore for
providing the initial analysis and fix.
