{"id":"MGASA-2015-0105","summary":"Updated qt3, qt4 and qtbase5 packages fix security vulnerability","details":"The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would\nlead to a divsion by zero when loading certain corrupt BMP files (CVE-2015-0295).\nThis in turn would cause the application loading these hand crafted BMPs to crash.\nQt3, Qt4 and qtbase5 have been patched to prevent this division by zero.\n","modified":"2026-04-16T06:23:01.132622223Z","published":"2015-03-12T15:30:53Z","upstream":["CVE-2015-0295"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0105.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15383"},{"type":"WEB","url":"http://lists.qt-project.org/pipermail/announce/2015-February/000059.html"},{"type":"WEB","url":"https://bugreports.qt.io/browse/QTBUG-44547"}],"affected":[{"package":{"name":"qt3","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/qt3?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.8b-33.3.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0105.json"}},{"package":{"name":"qt4","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/qt4?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.8.6-1.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0105.json"}},{"package":{"name":"qtbase5","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/qtbase5?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.0-2.4.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0105.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}