CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
92.2%
Gentoo Linux Local Security Checks
# SPDX-FileCopyrightText: 2016 Eero Volotinen
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.121452");
script_version("2023-07-20T05:05:17+0000");
script_tag(name:"creation_date", value:"2016-03-14 15:52:46 +0200 (Mon, 14 Mar 2016)");
script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
script_name("Gentoo Security Advisory GLSA 201603-10");
script_tag(name:"insight", value:"Multiple buffer overflow vulnerabilities have been discovered in QtGui. It is possible for remote attackers to construct specially crafted BMP, ICO, or GIF images that lead to buffer overflows. After successfully overflowing the buffer the remote attacker can then cause a Denial of Service or execute arbitrary code.");
script_tag(name:"solution", value:"Update the affected packages to the latest available version.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://security.gentoo.org/glsa/201603-10");
script_cve_id("CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_category(ACT_GATHER_INFO);
script_tag(name:"summary", value:"Gentoo Linux Local Security Checks");
script_copyright("Copyright (C) 2016 Eero Volotinen");
script_family("Gentoo Local Security Checks");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-gentoo.inc");
res = "";
report = "";
if((res=ispkgvuln(pkg:"dev-qt/qtgui", unaffected: make_list("ge 5.4.1-r1"), vulnerable: make_list() )) != NULL) {
report += res;
}
if((res=ispkgvuln(pkg:"dev-qt/qtgui", unaffected: make_list("ge 4.8.6-r4"), vulnerable: make_list() )) != NULL) {
report += res;
}
if((res=ispkgvuln(pkg:"dev-qt/qtgui", unaffected: make_list("ge 4.8.7"), vulnerable: make_list() )) != NULL) {
report += res;
}
if((res=ispkgvuln(pkg:"dev-qt/qtgui", unaffected: make_list(), vulnerable: make_list("lt 5.4.1-r1"))) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}