GitLab

Bugzilla ID	187
Alias(es)	CVE-2018-15518, CVE-2018-19869, CVE-2018-19870, CVE-2018-19871, CVE-2018-19873
Reporter	Max Rees (sroracle)
Assignee	A. Wilcox (awilfox)
Reported	2019-08-27 15:40:07 -0500
Modified	2020-02-25 00:01:03 -0600
Status	RESOLVED FIXED
Version	1.0-BETA3
Hardware	Adélie Linux / All
Importance	--- / normal

Description

CVE-2018-15518: https://nvd.nist.gov/vuln/detail/CVE-2018-15518

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption
during parsing of a specially crafted illegal XML document.

Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtbase/+/236745

CVE-2018-19873: https://nvd.nist.gov/vuln/detail/CVE-2018-19873

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer
overflow via BMP data.

Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtbase/+/240268

CVE-2018-19870: https://nvd.nist.gov/vuln/detail/CVE-2018-19870

An issue was discovered in Qt before 5.11.3. A malformed GIF image
causes a NULL pointer dereference in QGifHandler resulting in a
segmentation fault.

Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtbase/+/236168

CVE-2018-19871: https://nvd.nist.gov/vuln/detail/CVE-2018-19871

An issue was discovered in Qt before 5.11.3. There is QTgaFile
Uncontrolled Resource Consumption.

Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtimageformats/+/238487

CVE-2018-19869: https://nvd.nist.gov/vuln/detail/CVE-2018-19869

An issue was discovered in Qt before 5.11.3. A malformed SVG image
causes a segmentation fault in qsvghandler.cpp.

Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtsvg/+/236169