Vulnerabilities > CVE-2018-19872 - Divide By Zero vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 | |
| OS | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1904.NASL description According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-16 plugin id 128827 published 2019-09-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128827 title EulerOS 2.0 SP5 : qt (EulerOS-SA-2019-1904) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(128827); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2018-19872" ); script_name(english:"EulerOS 2.0 SP5 : qt (EulerOS-SA-2019-1904)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1904 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6638570"); script_set_attribute(attribute:"solution", value: "Update the affected qt package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qt-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qt-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qt-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qt-x11"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["qt-4.8.7-2.h4.eulerosv2r7", "qt-devel-4.8.7-2.h4.eulerosv2r7", "qt-mysql-4.8.7-2.h4.eulerosv2r7", "qt-odbc-4.8.7-2.h4.eulerosv2r7", "qt-postgresql-4.8.7-2.h4.eulerosv2r7", "qt-x11-4.8.7-2.h4.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-AE913A2F00.NASL description Security fix for CVE-2018-19872 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123536 published 2019-04-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123536 title Fedora 29 : 1:qt (2019-ae913a2f00) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-ae913a2f00. # include("compat.inc"); if (description) { script_id(123536); script_version("1.3"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2018-19872"); script_xref(name:"FEDORA", value:"2019-ae913a2f00"); script_name(english:"Fedora 29 : 1:qt (2019-ae913a2f00)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2018-19872 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ae913a2f00" ); script_set_attribute(attribute:"solution", value:"Update the affected 1:qt package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:qt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"qt-4.8.7-45.fc29", epoch:"1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:qt"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1172.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1172 advisory. - qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518) - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869) - qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870) - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871) - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872) - qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-03-31 plugin id 135039 published 2020-03-31 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135039 title RHEL 7 : qt (RHSA-2020:1172) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1833.NASL description According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-08-27 plugin id 128202 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128202 title EulerOS 2.0 SP8 : qt (EulerOS-SA-2019-1833) NASL family Fedora Local Security Checks NASL id FEDORA_2019-03AC7F1D2F.NASL description Security fix for CVE-2018-19872 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124465 published 2019-05-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124465 title Fedora 30 : 1:qt (2019-03ac7f1d2f) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0317-1.NASL description This update for libqt5-qtbase fixes the following issues : Security issues fixed : CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133493 published 2020-02-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133493 title SUSE SLED12 / SLES12 Security Update : libqt5-qtbase (SUSE-SU-2020:0317-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1239.NASL description This update for libqt5-qtbase fixes the following issues : Security issues fixed:	 - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). Other issue addressed : - Fixed an issue which showing remote locations was not allowed (bsc#1129662). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 124189 published 2019-04-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124189 title openSUSE Security Update : libqt5-qtbase (openSUSE-2019-1239) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0927-1.NASL description This update for libqt5-qtbase fixes the following issues : Security issues fixed : CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). Other issue addressed: Fixed an issue which showing remote locations was not allowed (bsc#1129662). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123996 published 2019-04-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123996 title SUSE SLED15 / SLES15 Security Update : libqt5-qtbase (SUSE-SU-2019:0927-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0318-1.NASL description This update for libqt5-qtbase fixes the following issue : Security issue fixed : CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Other issue addressed : Fixed an issue with rendering animated gifs (QTBUG-55141). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133494 published 2020-02-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133494 title SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2020:0318-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-B5E690B96E.NASL description Security fix for CVE-2018-19872 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123537 published 2019-04-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123537 title Fedora 28 : 1:qt (2019-b5e690b96e) NASL family Scientific Linux Local Security Checks NASL id SL_20200407_QT_ON_SL7_X.NASL description * qt5-qtbase: Double free in QXmlStreamReader * qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service * qt5-qtbase: QImage allocation failure in qgifhandler * qt5-qtimageformats: QTgaFile CPU exhaustion * qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file last seen 2020-04-30 modified 2020-04-21 plugin id 135834 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135834 title Scientific Linux Security Update : qt on SL7.x x86_64 (20200407) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0319-1.NASL description This update for libqt5-qtbase fixes the following issue : Security issues fixed : CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Other issue addressed : Fixed an issue with rendering animated gifs (QTBUG-55141). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133495 published 2020-02-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133495 title SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2020:0319-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1172.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1172 advisory. - qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518) - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869) - qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870) - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871) - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872) - qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-10 plugin id 135349 published 2020-04-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135349 title CentOS 7 : qt (CESA-2020:1172) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4275-1.NASL description It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly handled certain text files. If a user or automated system were tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2019-18281) It was discovered that Qt incorrectly searched for plugins in the current working directory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-0569) It was discovered that Qt incorrectly searched for libraries relative to the current working directory. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-0570). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133647 published 2020-02-12 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133647 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : qtbase-opensource-src vulnerabilities (USN-4275-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2381.NASL description According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.(CVE-2013-4549) - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871) - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518) - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872) - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.(CVE-2015-1858) - Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.(CVE-2015-1859) - Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.(CVE-2015-1860) - The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.(CVE-2015-0295) - The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.(CVE-2014-0190) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131873 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131873 title EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1665.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1665 advisory. - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869) - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871) - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-03 modified 2020-04-29 plugin id 136117 published 2020-04-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136117 title RHEL 8 : qt5 (RHSA-2020:1665) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2656.NASL description According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872) - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871) - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.(CVE-2015-1858) - Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.(CVE-2015-1860) - Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.(CVE-2015-1859) - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.(CVE-2013-4549) - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518) - The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.(CVE-2015-0295) - The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.(CVE-2014-0190) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-18 plugin id 132191 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132191 title EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-2656)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugreports.qt.io/browse/QTBUG-69449
- http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html
- https://usn.ubuntu.com/4275-1/
- https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/