GLSA-201603-10 : QtGui: Multiple vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-201603-10
(QtGui: Multiple vulnerabilities)

Multiple buffer overflow vulnerabilities have been discovered in QtGui.
It is possible for remote attackers to construct specially crafted BMP,
ICO, or GIF images that lead to buffer overflows. After successfully
overflowing the buffer the remote attacker can then cause a Denial of
Service or execute arbitrary code.

Impact :

A remote attacker could possibly execute arbitrary code or cause Denial
of Service.

Workaround :

There is no known work around at this time.

See also :

Solution :

All QtGui 4.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-qt/qtgui-4.8.6-r4'
All QtGui 5.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-qt/qtgui-5.4.1-r1'

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Gentoo Local Security Checks

Nessus Plugin ID: 89903 ()

Bugtraq ID:

CVE ID: CVE-2015-1858

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now