Bug 921999 - (CVE-2015-0295) VUL-1: CVE-2015-0295: libqt5-qtbase,libqt4,qt: division by zero when processing malformed BMP files
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/114686/
maint:released:sle11-sp3:61769 wasL3:...
Keywords: DSLA_REQUIRED, DSLA_SOLUTION_PROVIDED
Depends on:
Blocks: 936523
Reported: 2015-03-12 13:09 UTC by Andreas Stieger
Modified: 2019-11-05 15:37 UTC

Found By: Security Response Team
Attachments
repro image from https://bugreports.qt.io/browse/QTBUG-44547 (18.52 KB, image/bmp)
2015-03-12 13:09 UTC, Andreas Stieger
Description Andreas Stieger 2015-03-12 13:09:43 UTC
Created attachment 626595
repro image from https://bugreports.qt.io/browse/QTBUG-44547

Via maintenance request from openSUSE maintainer

When opening a specially crafted BMP (originally had its compression type set to 0 (none), but it was changed to 3 (bitfield) with a hex editor) as a QImage, the application crashes with SIGFPE. Can be tested in Qt Creator (attach as resource) or other applications using QImage.

Image attached. No impact beyond DoS. Rated low.

https://bugreports.qt.io/browse/QTBUG-44547

All SLE versions seem to be affected (checked code)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295
https://bugreports.qt.io/browse/QTBUG-44547
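
A pre-decode header check for the kind of edit the description mentions (compression field changed from 0 to 3), as an added example that is not code from Qt or from this bug report. The report does not say which header values the decoder divides by, so the checks are structural only (bit depth, room for the three channel masks, mask shape); `make_bmp`, `flip_compression` and `triage_bmp` are hypothetical names and the sample files are constructed.

```python
import struct

BI_RGB, BI_BITFIELDS = 0, 3

def make_bmp(compression, bpp, masks=None, width=2, height=2):
    """Constructed sample: file header + 40-byte info header (+ masks) + zero pixels."""
    extra = struct.pack("<3I", *masks) if masks else b""
    offset = 14 + 40 + len(extra)
    img = ((width * bpp + 31) // 32) * 4 * height      # rows padded to 4 bytes
    head = struct.pack("<2sIHHI", b"BM", offset + img, 0, 0, offset)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp,
                       compression, img, 2835, 2835, 0, 0)
    return head + info + extra + bytes(img)

def flip_compression(data, value=BI_BITFIELDS):
    """Overwrite only the 4-byte compression field at file offset 30."""
    out = bytearray(data)
    struct.pack_into("<I", out, 30, value)
    return bytes(out)

def contiguous(mask):
    """True if the set bits of a non-zero mask form one unbroken run."""
    return ((mask + (mask & -mask)) & mask) == 0

def triage_bmp(data):
    """Return findings; empty means the bitfield header is self-consistent.
    Assumption: structural checks only, not the check used in the Qt fix."""
    if len(data) < 54 or data[:2] != b"BM":
        return ["not a BMP with a full info header"]
    pix_off, hdr_size = struct.unpack_from("<II", data, 10)
    bpp, comp = struct.unpack_from("<HI", data, 28)
    if hdr_size < 40 or comp != BI_BITFIELDS:
        return []                                      # nothing to check here
    findings = []
    if bpp not in (16, 32):
        findings.append(f"BI_BITFIELDS with {bpp} bpp (valid only for 16/32)")
    need = 14 + hdr_size + (12 if hdr_size == 40 else 0)
    if pix_off < need:
        findings.append(f"pixel offset {pix_off} leaves no room for masks (need {need})")
    if len(data) < 66:
        return findings + ["file ends before the mask fields"]
    seen = 0
    for name, m in zip(("red", "green", "blue"), struct.unpack_from("<3I", data, 54)):
        if m == 0:
            findings.append(f"{name} mask is zero")
        elif not contiguous(m):
            findings.append(f"{name} mask 0x{m:08x} is not contiguous")
        if m & seen:
            findings.append(f"{name} mask overlaps an earlier channel")
        seen |= m
    return findings
```

A file that was written as uncompressed and then had only its compression field edited is flagged because its pixel data starts where the masks would have to be.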
Comment 1 Swamp Workflow Management 2015-03-12 23:00:23 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2015-03-23 17:06:01 UTC
openSUSE-SU-2015:0573-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 875470,883374,902670,905742,921999
CVE References: CVE-2014-0190,CVE-2014-3494,CVE-2014-8483,CVE-2014-8600,CVE-2015-0295
Sources used:
openSUSE 13.1 (src):    kdebase4-runtime-4.11.5-482.6, kdelibs4-4.11.5-488.2, kdelibs4-apidocs-4.11.5-488.3, konversation-1.5.1-3.4.3, kwebkitpart-1.3.3-2.4.1, libqt4-4.8.5-5.17.1, libqt4-devel-doc-4.8.5-5.17.2, libqt4-sql-plugins-4.8.5-5.17.1
Comment 3 Swamp Workflow Management 2015-04-20 11:18:02 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-05-04.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61570
Comment 4 Dirk Mueller 2015-05-07 11:43:38 UTC
submitted the fix to openSUSE:Factory
Comment 10 Andreas Stieger 2015-05-13 14:56:33 UTC
bug 921999, bug 927806, bug 927807, bug 927808 affect libqt5-qtbase on SLE 12. Assigning to maintainer for submission.
Comment 13 Swamp Workflow Management 2015-06-01 13:05:07 UTC
SUSE-SU-2015:0977-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 921999,927806,927807,927808
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-devel-doc-data-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Server 11 SP3 (src):    libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Desktop 11 SP3 (src):    libqt4-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
Comment 26 L3 Incident Coordination 2015-06-30 10:11:02 UTC
L3 is closed since bsc#936523 is opened for the PTF request
Ya Dan Fan
Comment 27 Swamp Workflow Management 2015-08-07 09:11:04 UTC
SUSE-SU-2015:1359-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 847880,921999,927806,927807,927808,929688
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    libqt4-4.8.6-4.2, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libqt4-4.8.6-4.2, libqt4-devel-doc-4.8.6-4.6, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Server 12 (src):    libqt4-4.8.6-4.2, libqt4-devel-doc-4.8.6-4.6, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Desktop 12 (src):    libqt4-4.8.6-4.2, libqt4-sql-plugins-4.8.6-4.1
Comment 28 Swamp Workflow Management 2015-08-14 11:09:58 UTC
SUSE-SU-2015:1383-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 870151,921999,927806,927807,927808
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    libqt5-qtbase-5.3.1-4.4.2
SUSE Linux Enterprise Server 12 (src):    libqt5-qtbase-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12 (src):    libqt5-qtbase-5.3.1-4.4.2
Comment 29 Marcus Meissner 2015-12-08 16:11:29 UTC
released