VDB

GCVE-110-MAGEIA-2016-12

GCVE-110-MAGEIA-2016-12
Advisory Published
Vulnetix · Advisory published January 14, 2016
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library (CVE-2015-7501). With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.

Affected Products

VendorProductVersionsPlatforms
Mageiaqtsvg50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtwebkit5-examples-and-demos0 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqt-creator0 (affected), 3.4.2-1.mga5 (unaffected)
Mageiaqtbase50 (affected), 5.4.2-1.1.mga5 (unaffected)
Mageiaqtserialport50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaapache-commons-collections0 (affected), 3.2.1-24.1.mga5 (unaffected), 0 (affected), 3.2.1-24.1.mga5 (unaffected)
Mageiaqttranslations50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtimageformats50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtconnectivity50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqttools50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtdeclarative50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtquick50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtmultimedia50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtwebkit50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtdoc50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtgraphicaleffects50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtquickcontrols50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtlocation50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtwayland50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtenginio50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtwebsockets50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiapython-qt50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtscript50 (affected), 5.4.2-1.mga5 (unaffected)
Mageiaqtwebchannel55.4.2-1.mga5 (unaffected), 0 (affected)
Mageiaqtx11extras55.4.2-1.mga5 (unaffected), 0 (affected)
Mageiapython-sip0 (affected), 4.16.9-1.mga5 (unaffected)
Mageiaqtxmlpatterns50 (affected), 5.4.2-1.mga5 (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›