Qt contains a buffer overflow on greyscale images with multiple samples per pixel.

From the upstream commit:
https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465

fix tiff reader to handle TIFFTAG_SAMPLESPERPIXEL for grayscale images

This commit fixes reading a .tiff file from ImageMagick which reports the following:

TIFFTAG_BITSPERSAMPLE = 8
TIFFTAG_SAMPLESPERPIXEL = 2
TIFFTAG_PHOTOMETRIC = PHOTOMETRIC_MINISBLACK

The reader uses QImage::Format_Indexed8, but since the samples per pixel value this should be (non-existent) QImage::Format_Indexed16, causing memory corruption. The fix falls back to the "normal" way of reading tiff images.

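
The size mismatch behind the report above, as an added example that is not code from Qt or from the upstream commit. It assumes the direct greyscale path decodes each scanline straight into an 8-bit indexed row; TiffTags, ReadPath and all function names are hypothetical, and the image width is a constructed sample value.

```cpp
#include <cstddef>
#include <cstdint>

// TIFF 6.0 PhotometricInterpretation values (the numbers behind PHOTOMETRIC_*).
enum : uint16_t { MINISWHITE = 0, MINISBLACK = 1, RGB = 2 };

struct TiffTags {            // hypothetical holder for the tags named in the report
    uint32_t width;
    uint16_t bitsPerSample;
    uint16_t samplesPerPixel;
    uint16_t photometric;
};

enum class ReadPath { Indexed8Direct, GenericRgba };

// Bytes one decoded scanline occupies (contiguous samples, rounded up to a byte).
size_t decodedScanlineBytes(const TiffTags &t) {
    uint64_t bits = uint64_t(t.width) * t.bitsPerSample * t.samplesPerPixel;
    return size_t(bits / 8 + (bits % 8 != 0));
}

// Bytes in one row of an 8-bit indexed image, padded to 32 bits as QImage rows are.
size_t indexed8RowBytes(uint32_t width) {
    return (size_t(width) + 3) & ~size_t(3);
}

// Model of the selection the commit message describes: samples per pixel ignored.
ReadPath selectPathUnchecked(const TiffTags &t) {
    bool gray8 = t.photometric == MINISBLACK && t.bitsPerSample == 8;
    return gray8 ? ReadPath::Indexed8Direct : ReadPath::GenericRgba;
}

// Checked selection: take the direct path only when one sample per pixel is
// reported and the decoded scanline fits the row; otherwise fall back.
ReadPath selectPathChecked(const TiffTags &t) {
    bool gray8 = t.photometric == MINISBLACK && t.bitsPerSample == 8;
    bool fits = t.samplesPerPixel == 1 &&
                decodedScanlineBytes(t) <= indexed8RowBytes(t.width);
    return (gray8 && fits) ? ReadPath::Indexed8Direct : ReadPath::GenericRgba;
}

// Bytes that would land past the row if the scanline were decoded into it.
size_t rowOverrun(const TiffTags &t) {
    size_t need = decodedScanlineBytes(t), have = indexed8RowBytes(t.width);
    return need > have ? need - have : 0;
}
```
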
Created attachment 522048
Upstream patch

This issue affects the version of qt shipped with Red Hat Enterprise Linux 6.

This issue does not affect the version of qt shipped with Red Hat Enterprise Linux 4.

This issue does not affect the version of qt and qt4 shipped with Red Hat Enterprise Linux 5.

This issue does not affect the version of qt and qt3 shipped with Red Hat Enterprise Linux 6.

--

This issue affects the version of qt shipped with Fedora-14 and Fedora-15

Created qt tracking bugs for this issue

Affects: fedora-all [bug 736575]

We may also want to consider this patch while fixing the issue:
https://qt.gitorious.org/qt/qt/commit/c9d2445bc3bbccd3cc6cfb95f09108cabe981840

Reference:
https://bugreports.qt.nokia.com//browse/QTBUG-19878
https://bugreports.qt.nokia.com/browse/QTBUG-20167

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2011:1323 https://rhn.redhat.com/errata/RHSA-2011-1323.html

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2011:1328 https://rhn.redhat.com/errata/RHSA-2011-1328.html