58526 – (CVE-2004-0693) VUL-0: CVE-2004-0693: opera: uses vulnerable version of QT lib

Bug 58526 (CVE-2004-0693) - VUL-0: CVE-2004-0693: opera: uses vulnerable version of QT lib

Summary: VUL-0: CVE-2004-0693: opera: uses vulnerable version of QT lib

Status:	RESOLVED FIXED

Alias:	CVE-2004-0693

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Lukas Tinkl
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2004-0693: CVSS v2 Base Score: 5....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2004-08-05 16:49 UTC by Thomas Biege
Modified:	2021-09-26 10:30 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Biege 2004-08-05 16:49:23 UTC

Hello Lukas, 
please have a look at bug 58356 
 
This bug is still private.

Comment 1 Thomas Biege 2004-08-05 16:49:23 UTC

<!-- SBZ_reproduce  -->
-

Comment 2 Marcus Meissner 2004-08-05 16:55:16 UTC

its also using a static version of the vulnerable libpng (for which we 
released an update yesterday)

Comment 3 Lukas Tinkl 2004-08-05 17:37:12 UTC

So I expect an updated version of Opera released very shortly...

Comment 4 Lukas Tinkl 2004-09-15 21:42:43 UTC

Fixed packages submitted

Comment 5 Lukas Tinkl 2004-09-20 18:48:32 UTC

Packages in STABLE now contain an Opera binary that's linked against the shared
Qt library version, I guess this is fixed now. Thomas?

What to do with the backport? 

christian.westgaard@opera.com wrote:

And when it comes to ulnerabilities in the Qt library:
Heap-based buffer overflow in the BMP image format parser for the QT library
(qt3) before 3.3.3 allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code.
http://cgi.nessus.org/cve.php3?cve=CAN-2004-0691

The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to
cause a denial of service (application crash) via a malformed image file that
triggers a null dereference, a different vulnerability than CAN-2004-0693.
http://cgi.nessus.org/cve.php3?cve=CAN-2004-0692

The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to
cause a denial of service (application crash) via a malformed image file that
triggers a null dereference, a different vulnerability than CAN-2004-0692.
http://cgi.nessus.org/cve.php3?cve=CAN-2004-0693

We have our own image decoders, as in we don't use Qt's image decoders.
We do use QFileDialog, but the file type images displayed there are
ASFAIK linked into the Qt library and cannot be exploited.

Comment 6 Thomas Biege 2004-09-20 18:56:36 UTC

> Packages in STABLE now contain an Opera binary that's linked against the 
> shared Qt library version, I guess this is fixed now. Thomas? 
 
Yes, it is. :) 
 
 
Hm, older versions need to be verified by watching testimgaes. 
I'll collect a list of them and be back...

Comment 7 Thomas Biege 2004-09-20 19:05:36 UTC

example pics: 
	http://scary.beasts.org/misc/bad.bmp 
	http://scary.beasts.org/misc/crash.gif 
	http://bugzilla.suse.de/attachment.cgi?id=14441&action=view 
 
For more details and patches used: 
	http://bugzilla.suse.de/show_bug.cgi?id=43356

Comment 8 Thomas Biege 2004-09-29 22:49:47 UTC

packages approved...

Comment 9 Thomas Biege 2009-10-13 20:31:09 UTC

CVE-2004-0693: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)