Errata ALT-PU-2019-2659-1: Information
Fixes
Published: Feb. 22, 2019
BDU:2019-00921
Уязвимость функции QGifHandler кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Dec. 26, 2018
BDU:2019-00922
Уязвимость функции QXMLStreamReader компонента QXmlStream кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к информации
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 22, 2019
BDU:2019-00951
Уязвимость класса QBmpHandler кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к информации
Severity: HIGH (7.5)
Links:
Published: July 9, 2018
BDU:2021-03456
Уязвимость компонента qsvghandler.cpp кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Aug. 24, 2018
BDU:2021-03457
Уязвимость компонента QTgaFile кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: July 13, 2018
BDU:2021-03458
Уязвимость компонента qppmhandler.cpp кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с делением на ноль, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Dec. 27, 2018
Modified: Sept. 28, 2020
Modified: Sept. 28, 2020
CVE-2018-15518
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://codereview.qt-project.org/#/c/236691/
- https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- openSUSE-SU-2018:4261
- [debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update
- DSA-4374
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update
- USN-4003-1
- RHSA-2019:2135
- RHSA-2019:3390
- openSUSE-SU-2020:1452
- openSUSE-SU-2020:1500
- openSUSE-SU-2020:1501
- openSUSE-SU-2020:1530
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update
Published: Dec. 27, 2018
Modified: Nov. 3, 2020
Modified: Nov. 3, 2020
CVE-2018-19869
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://codereview.qt-project.org/#/c/234142/
- https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- openSUSE-SU-2019:1116
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update
- RHSA-2019:2135
- openSUSE-SU-2020:1452
- openSUSE-SU-2020:1500
- openSUSE-SU-2020:1501
- openSUSE-SU-2020:1530
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update
Published: Dec. 27, 2018
Modified: Sept. 28, 2020
Modified: Sept. 28, 2020
CVE-2018-19870
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://codereview.qt-project.org/#/c/235998/
- https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- [debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update
- DSA-4374
- openSUSE-SU-2019:1239
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update
- USN-4003-1
- RHSA-2019:2135
- RHSA-2019:3390
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update
Published: Dec. 27, 2018
Modified: Sept. 28, 2020
Modified: Sept. 28, 2020
CVE-2018-19871
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://codereview.qt-project.org/#/c/237761/
- https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- openSUSE-SU-2019:1115
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update
- RHSA-2019:2135
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update
Published: March 21, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2018-19872
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://bugreports.qt.io/browse/QTBUG-69449
- http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- openSUSE-SU-2019:1239
- USN-4275-1
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update
- FEDORA-2019-03ac7f1d2f
- FEDORA-2019-ae913a2f00
- FEDORA-2019-b5e690b96e
Published: Dec. 27, 2018
Modified: Sept. 28, 2020
Modified: Sept. 28, 2020
CVE-2018-19873
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://codereview.qt-project.org/#/c/238749/
- https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- openSUSE-SU-2018:4261
- [debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update
- DSA-4374
- [debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update
- USN-4003-1
- RHSA-2019:2135
- RHSA-2019:3390
- openSUSE-SU-2020:1452
- openSUSE-SU-2020:1500
- openSUSE-SU-2020:1501
- openSUSE-SU-2020:1530
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update