Vigil@nce - Qt: NULL pointer dereference via QtGui GIF
May 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious GIF image, to dereference a
NULL pointer in QtGui of Qt, in order to trigger a denial of
service.
Impacted products: Fedora, Unix (platform)
Severity: 2/4
Creation date: 28/04/2014
DESCRIPTION OF THE VULNERABILITY
The Qt product uses QtGui to decode GIF images.
However, the src/gui/image/qgifhandler.cpp file does not check if
a pointer is NULL, before using it.
An attacker can therefore create a malicious GIF image, to
dereference a NULL pointer in QtGui of Qt, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Qt-NULL-pointer-dereference-via-QtGui-GIF-14669