user/qt5*: multiple vulnerabilities
Bugzilla ID | 187 |
Alias(es) | CVE-2018-15518, CVE-2018-19869, CVE-2018-19870, CVE-2018-19871, CVE-2018-19873 |
Reporter | Max Rees (sroracle) |
Assignee | A. Wilcox (awilfox) |
Reported | 2019-08-27 15:40:07 -0500 |
Modified | 2020-02-25 00:01:03 -0600 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description
CVE-2018-15518: https://nvd.nist.gov/vuln/detail/CVE-2018-15518
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption
during parsing of a specially crafted illegal XML document.
Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtbase/+/236745

CVE-2018-19873: https://nvd.nist.gov/vuln/detail/CVE-2018-19873
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer
overflow via BMP data.
Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtbase/+/240268

CVE-2018-19870: https://nvd.nist.gov/vuln/detail/CVE-2018-19870
An issue was discovered in Qt before 5.11.3. A malformed GIF image
causes a NULL pointer dereference in QGifHandler resulting in a
segmentation fault.
Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtbase/+/236168

CVE-2018-19871: https://nvd.nist.gov/vuln/detail/CVE-2018-19871
An issue was discovered in Qt before 5.11.3. There is QTgaFile
Uncontrolled Resource Consumption.
Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtimageformats/+/238487

CVE-2018-19869: https://nvd.nist.gov/vuln/detail/CVE-2018-19869
An issue was discovered in Qt before 5.11.3. A malformed SVG image
causes a segmentation fault in qsvghandler.cpp.
Fixed in >= 5.9.8: https://codereview.qt-project.org/c/qt/qtsvg/+/236169