Opened 10 years ago
Closed 10 years ago
#5040 closed defect (fixed)
CVE-2014-0190 - Affects Qt4 and Qt5
| Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
|---|---|---|---|
| Priority: | high | Milestone: | 7.6 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
https://bugzilla.redhat.com/show_bug.cgi?id=1088142
http://lists.qt-project.org/pipermail/announce/2014-April/000045.html
Qt Security Advisory: DoS vulnerability in the GIF image handler
Solution -------- Upgrade to Qt 5.3 once released or apply the patches below: For Qt 5.0 to 5.2: https://codereview.qt-project.org/#change,84034 For Qt 4.8: https://codereview.qt-project.org/#change,84035
Change History (4)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Thanks, Bruce.
I need to stop now. I'll do it first thing in the morning, if not done before that by someone else.
comment:3 by , 10 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
Basically one line:
if (image->isNull()) { state = Error; return -1; }
Added to src/gui/image/qgifhandler.cpp after line 361 for both qt5 and qt4.
sed -i -e '631a if (image->isNull()) { state = Error; return -1; }' \