Debian Security Advisory

DLA-117-1 qt4-x11 -- LTS security update

Date Reported:
21 Dec 2014
Affected Packages:
qt4-x11
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2011-3193, CVE-2011-3194.
More information:
  • CVE-2011-3193

    Check for buffer overflow in Lookup_MarkMarkPos that may cause crash in this function with certain fonts.

  • CVE-2011-3194

    Fix tiff reader to handle TIFFTAG_SAMPLESPERPIXEL for grayscale images. The reader uses QImage::Format_Indexed8, but since the samples per pixel value this should be (non-existent) QImage::Format_Indexed16, causing memory corruption. The fix falls back to the normal way of reading tiff images.

For Debian 6 Squeeze, these issues have been fixed in qt4-x11 version 4:4.6.3-4+squeeze2