Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 60902

Summary: Heap overflow in qt-3.3x and qt-3.2.x
Product: Gentoo Security Reporter: Marc Ballarin <Ballarin.Marc>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: critical CC: gentoo_bugs.gebhardt
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.suse.com/archive/suse-security-announce/2004-Aug/0005.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Marc Ballarin 2004-08-19 08:42:21 UTC 
Mandrake (http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:085)
and Suse (http://lists.suse.com/archive/suse-security-announce/2004-Aug/0005.html)
have released security updates for QT.

Obviously there is a critical Heap Overflow in handlers for various image formats.

Reproducible: Didn't try
Steps to Reproduce:
Comment 1 SpanKY gentoo-dev 2004-08-19 08:49:29 UTC 
*** Bug 60903 has been marked as a duplicate of this bug. ***
Comment 2 Daniel Gebhardt 2004-08-19 09:02:22 UTC 
Well, it seems as if if QT 3.3.3 is not effected.

quote http://www.trolltech.com/developer/changes/changes-3.3.3.html:

--start quote--

- QImage
    Included fix for buffer overflow in libPNG.
    Fixed bug that made copy constructor not copy the entire image.
    Allow XPM images with colors that have more than one word in the
    name.
    Fixed crash when trying to load a corrupt/invalid BMP image.
    Fixed crash when trying to load a corrupt/invalid GIF image.
    Fixed crash when trying to load a JPEG image that is too big.
    Fixed bug that caused dotsPerMeter() to be ignored when saving
    JPEG images.

--end quote--

Isn't this Bug a dublicate of Bug# 60855?
( http://bugs.gentoo.org/show_bug.cgi?id=60855 )

Daniel
Comment 3 Chris White (RETIRED) gentoo-dev 2004-08-19 10:02:11 UTC 
Indeed it is.

*** This bug has been marked as a duplicate of 60855 ***