From the Secunia security advisory at $URL:
The vulnerability is caused due to an error in the TIFF reader (src/gui/image/qtiffhandler.cpp) when processing grayscale images and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 4.7.4. Other versions may also be affected.
Fixed in the Git repository:
Since qt 4.7.4 is ready for stabilization, and after talking with Davide (pesa) on
IRC, I am adding this bug as a blocker for the qt-stabilization tracker (bug 390963).
We will fast-stabilize ASAP after the patch on this bug is applied.
Well... I think the advisory is wrong.
The proposed fix (https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465) was committed to qt upstream repo more than a year ago. Indeed that patch does not apply to qt-gui-4.7.4. The code in qtiffhandler.cpp has evolved during this time and it's slightly different now, but afaict the bug *is* fixed in 4.7.4.
The Novell bug at  says that  reliably reproduces the issue. Would it be possible to test using this file? Thank you.
(In reply to comment #3)
> The Novell bug at  says that  reliably reproduces the issue. Would it be
> possible to test using this file? Thank you.
>  https://bugzilla.novell.com/show_bug.cgi?id=637275
>  https://bugzilla.novell.com/attachment.cgi?id=387705
I can't reproduce the crash on 4.7.4
(In reply to comment #2)
> but afaict the bug *is* fixed in 4.7.4.
Ok, thanks. Let's depend on 390963 instead of blocking it.
Thanks, everyone. GLSA request filed.
This issue was resolved and addressed in
GLSA 201206-02 at http://security.gentoo.org/glsa/glsa-201206-02.xml
by GLSA coordinator Sean Amoss (ackle).
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4
allows remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale
TIFF image with multiple samples per pixel.
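
An added example, not code from Qt, the advisory, or this bug thread: a triage check that reads the first IFD of a TIFF and reports the combination named in the CVE description above, a grayscale PhotometricInterpretation together with SamplesPerPixel greater than 1. The function names and the sample files built by `make_tiff` are constructed for illustration; only the first IFD and inline single SHORT values are examined.

```python
import struct

TAG_PHOTOMETRIC = 262      # PhotometricInterpretation
TAG_SAMPLESPERPIXEL = 277  # SamplesPerPixel (TIFFTAG_SAMPLESPERPIXEL in libtiff)
GRAYSCALE = {0, 1}         # WhiteIsZero, BlackIsZero
TYPE_SHORT = 3


def first_ifd_shorts(data):
    """Return {tag: value} for single SHORT entries in the first IFD."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if len(data) < 8 or order is None:
        raise ValueError("not a TIFF header")
    magic, ifd_off = struct.unpack(order + "HI", data[2:8])
    if magic != 42:
        raise ValueError("not a classic TIFF")
    if ifd_off + 2 > len(data):
        raise ValueError("IFD offset outside file")
    (count,) = struct.unpack_from(order + "H", data, ifd_off)
    if ifd_off + 2 + 12 * count > len(data):
        raise ValueError("IFD entries run past end of file")
    tags = {}
    for i in range(count):
        base = ifd_off + 2 + 12 * i  # entry: tag, type, count, value
        tag, typ, n = struct.unpack_from(order + "HHI", data, base)
        if typ == TYPE_SHORT and n == 1:
            (tags[tag],) = struct.unpack_from(order + "H", data, base + 8)
    return tags


def gray_multisample(data):
    """True if the first IFD is grayscale with SamplesPerPixel > 1."""
    tags = first_ifd_shorts(data)
    spp = tags.get(TAG_SAMPLESPERPIXEL, 1)  # TIFF default is 1
    return tags.get(TAG_PHOTOMETRIC) in GRAYSCALE and spp > 1


def make_tiff(order, photometric, spp):
    """Constructed sample: header plus a two-entry IFD, no pixel data."""
    mark = b"II" if order == "<" else b"MM"
    body = struct.pack(order + "HI", 42, 8) + struct.pack(order + "H", 2)
    for tag, val in ((TAG_PHOTOMETRIC, photometric), (TAG_SAMPLESPERPIXEL, spp)):
        body += struct.pack(order + "HHIHH", tag, TYPE_SHORT, 1, val, 0)
    return mark + body + struct.pack(order + "I", 0)  # next-IFD offset = 0


if __name__ == "__main__":
    print(gray_multisample(make_tiff("<", 1, 2)))  # grayscale, 2 samples
    print(gray_multisample(make_tiff(">", 2, 3)))  # RGB, 3 samples
```

A match only means the file has the tag combination the description names; grayscale-with-alpha TIFFs legitimately carry two samples per pixel, so treat a hit as a reason to open the file with a patched reader, not as proof of a malicious file.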