Vigil@nce - Qt: denial of service via BMP
April 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can get the user of a Qt application to open a
malicious BMP image, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE, Unix (platform)
Severity: 2/4
Creation date: 24/03/2015
DESCRIPTION OF THE VULNERABILITY
The Qt product supports images in BMP format.
However, if the color mask is invalid, the read_dib_body()
function performs a division by zero.
An attacker can therefore get the user of a Qt application to
open a malicious BMP image, in order to trigger a denial of service.
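The kind of check that prevents this class of failure, as an added example that is not Qt's code or part of the original bulletin: each color mask is validated before any division that depends on it. The formula 256 / ((mask >> shift) + 1), the names channel_scale() and masks_are_safe(), and the sample masks are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>

struct ChannelScale { int shift; uint32_t scale; };

// Count the zero bits below the lowest set bit of a channel mask.
static int mask_shift(uint32_t mask) {
    int shift = 0;
    while (mask != 0u && (mask & 1u) == 0u) { mask >>= 1; ++shift; }
    return shift;
}

// Assumed model (not Qt's code): scale = 256 / ((mask >> shift) + 1).
// Returns false instead of dividing when the mask cannot be used.
bool channel_scale(uint32_t mask, ChannelScale &out) {
    const int shift = mask_shift(mask);
    const uint32_t field = mask >> shift;
    const uint32_t divisor = field + 1u;        // unsigned wrap-around can yield 0
    if (divisor == 0u) return false;            // would be a division by zero
    if ((field & divisor) != 0u) return false;  // set bits are not contiguous
    out.shift = shift;
    out.scale = 256u / divisor;
    return true;
}

// Accept a header's three masks only if none overlap and each one is usable.
bool masks_are_safe(uint32_t r, uint32_t g, uint32_t b) {
    ChannelScale tmp;
    if ((r & g) != 0u || (r & b) != 0u || (g & b) != 0u) return false;
    return channel_scale(r, tmp) && channel_scale(g, tmp) && channel_scale(b, tmp);
}

int main() {
    // Constructed sample masks: RGB565, then a header with an all-ones red mask.
    const uint32_t samples[2][3] = {
        {0xF800u, 0x07E0u, 0x001Fu},
        {0xFFFFFFFFu, 0u, 0u},
    };
    for (int i = 0; i < 2; ++i) {
        const bool ok = masks_are_safe(samples[i][0], samples[i][1], samples[i][2]);
        std::printf("masks %d: %s\n", i, ok ? "accepted" : "rejected");
    }
    return 0;
}
```

A decoder using such a check would stop reading the image and report a format error when masks_are_safe() returns false.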
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Qt-denial-of-service-via-BMP-16446