Vulnerability CVE-2019-18281: Information

Description

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-18281
Published: Oct. 23, 2019
Modified: Feb. 18, 2020
Error type identifier: CWE-119

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugreports.qt.io/browse/QTBUG-77819
  • Permissions Required
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784
  • Issue Tracking
  • Third Party Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/271889
  • Patch
  • Vendor Advisory
DSA-4556
  • Third Party Advisory
20191104 [SECURITY] [DSA 4556-1] qtbase-opensource-src security update
  • Mailing List
  • Third Party Advisory
USN-4275-1
    GLSA-202003-60

        1. Configuration 1

          cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*
          Start including
          5.11.0
          End including
          5.11.3
          cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*
          Start including
          5.12.0
          End excliding
          5.12.5

          Configuration 2

          cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
          cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top