Fuzz testing revealed that for certain malformed BMP files, the handler would segfault.

Upstream fix: https://codereview.qt-project.org/#/c/108312/

Acknowledgements: Red Hat would like to thank Richard Moore of KDE for reporting this issue.
Created qt tracking bugs for this issue:

Affects: fedora-all [bug 1210677]
References: Upstream advisory: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
qt5-qtbase-5.4.1-9.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
To the best of my knowledge, Qt 3 is NOT vulnerable to this issue, for the following reason: The security fix from Qt 4 changes the relevant code sequence in the BMP/DIB reader from "protection, get characters, update p" to "get characters, protection, update p". The Qt 3 code was already using the correct "get characters, protection, update p" order. ("get characters" increments the x and y variables, "protection" checks them.) The character reading code was modified for Qt 4, apparently introducing this bug. Qt 4 and Qt 5 are vulnerable, and Fedora updates correcting this vulnerability have been issued.
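To make the ordering described in the comment above concrete, here is an added example (constructed for this page, not Qt's BMP/DIB reader) of a toy run-length row decoder that follows the "get characters, protection, update p" sequence: it reads the run length and advances x first, then checks that x is still inside the row, and only then writes into the row buffer. The record format (a count byte followed by a value byte, count 0 ending the line) and the function name are assumptions for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy run-length row decoder (constructed example, not Qt code).
 * Each record is (count, value): write `value` `count` times into the row.
 * Per record the order is:
 *   1. "get characters": read the run length and advance x
 *   2. "protection":     reject the record if x has left the row
 *   3. "update p":       only now write into the row buffer
 * Returns the number of pixels written, or -1 for malformed input. */
int decode_rle_row(const uint8_t *src, size_t srclen,
                   uint8_t *row, int width)
{
    int x = 0;          /* current column within the row */
    uint8_t *p = row;   /* write position in the row buffer */
    size_t i = 0;

    while (i + 1 < srclen) {            /* need a complete (count, value) pair */
        int count = src[i];
        uint8_t value = src[i + 1];
        i += 2;

        if (count == 0)                  /* end-of-line marker */
            break;

        x += count;                      /* get characters */

        if (x > width)                   /* protection: checked before any write */
            return -1;

        memset(p, value, (size_t)count); /* update p */
        p += count;
    }
    return x;
}

int main(void)
{
    /* Constructed sample rows, 8 pixels wide. */
    const uint8_t good[] = {3, 0xAA, 5, 0xBB, 0, 0};
    const uint8_t bad[]  = {3, 0xAA, 6, 0xBB, 0, 0}; /* 3 + 6 = 9 > 8 */
    uint8_t row[8];

    printf("good row: %d pixels\n", decode_rle_row(good, sizeof good, row, 8));
    printf("bad row: %d (rejected)\n", decode_rle_row(bad, sizeof bad, row, 8));
    return 0;
}
```

The point of the ordering is that the bounds check runs on the already-advanced x, so an over-long run is rejected before the memset rather than after it; the second sample row is refused at the record that would have crossed the row end, with nothing written past the buffer.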
Wouldn't this and the others also affect mingw-qt and mingw-qt5-qtbase?
qt-4.8.6-28.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
qt5-qtbase-5.4.1-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
qt5-qtbase-5.4.1-9.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
qt5-qtbase-5.4.1-9.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
qt-4.8.6-28.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.