Описание
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qtbase-opensource-src-gles | fixed | 5.12.5+dfsg-1 | package | |
| qtbase-opensource-src | fixed | 5.12.5+dfsg-2 | package | |
| qtbase-opensource-src | no-dsa | buster | package | |
| qtbase-opensource-src | not-affected | stretch | package | |
| qtbase-opensource-src | not-affected | jessie | package |
Примечания
https://github.com/qt/qtbase/commit/af6ac444c97ed2dc234f93fe457440c9da5482ea
https://bugreports.qt.io/browse/QTBUG-77819
Связанные уязвимости
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
Уязвимость функции generateDirectionalRuns() библиотеки Qt, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании