Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 384089 (CVE-2011-3194) - <x11-libs/qt-gui-4.7.4-r1: TIFF Grayscale Image Processing Buffer Overflow (CVE-2011-3194)
Summary: <x11-libs/qt-gui-4.7.4-r1: TIFF Grayscale Image Processing Buffer Overflow (C...
Alias: CVE-2011-3194
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on: qt-4.7.4-stable
  Show dependency tree
Reported: 2011-09-22 14:41 UTC by Agostino Sarubbo
Modified: 2012-07-12 00:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-09-22 14:41:06 UTC
From secunia security advisor at $URL:

The vulnerability is caused due to an error in the TIFF reader (src/gui/image/qtiffhandler.cpp) when processing grayscale images and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 4.7.4. Other versions may also be affected.

Fixed in the Git repository:
Comment 1 Agostino Sarubbo gentoo-dev 2011-12-01 23:10:47 UTC
Since qt 4.7.4 is ready for stabilization and after talked with Davide(pesa) on
irc, I add this bug as a blocker for the qt-stabilization tracker ( bug 390963

We fast stabilize asap after the patch on this bug will be applied
Comment 2 Davide Pesavento gentoo-dev 2011-12-03 00:44:03 UTC
Well... I think the advisory is wrong.
The proposed fix ( was committed to qt upstream repo more than a year ago. Indeed that patch does not apply to qt-gui-4.7.4. The code in qtiffhandler.cpp has evolved during this time and it's slightly different now, but afaict the bug *is* fixed in 4.7.4.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-12-09 00:15:20 UTC
The Novell bug at [1] says that [2] reliably reproduces the issue. Would it be possible to test using this file? Thank you.

Comment 4 Davide Pesavento gentoo-dev 2011-12-10 11:57:55 UTC
(In reply to comment #3)
> The Novell bug at [1] says that [2] reliably reproduces the issue. Would it be
> possible to test using this file? Thank you.
> [1]
> [2]

I can't reproduce the crash on 4.7.4
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-12-18 22:12:02 UTC
(In reply to comment #2)
> but afaict the bug *is* fixed in 4.7.4.

Ok, thanks. Let's depend on 390963 instead of blocking it.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2012-05-15 06:37:58 UTC
Thanks, everyone. GLSA request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-06-03 11:52:09 UTC
This issue was resolved and addressed in
 GLSA 201206-02 at
by GLSA coordinator Sean Amoss (ackle).
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-07-12 00:37:23 UTC
CVE-2011-3194 (
  Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4
  allows remote attackers to cause a denial of service (crash) and possibly
  execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale
  TIFF image with multiple samples per pixel.