CVE-2018-19873

Опубликовано: 26 дек. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
Mailing List
https://access.redhat.com/errata/RHSA-2019:2135
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3390
Third Party Advisory
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
Release Notes
Vendor Advisory
https://codereview.qt-project.org/#/c/238749/
Issue Tracking
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4003-1/
Mailing List
Third Party Advisory
https://www.debian.org/security/2019/dsa-4374
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
Mailing List
https://access.redhat.com/errata/RHSA-2019:2135
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Версия до 5.5.1 (включая)

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Версия от 5.7.0 (включая) до 5.8.0 (включая)

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Версия от 5.10.0 (включая) до 5.11.3 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*

cpe:2.3:o:opensuse:backports:sle-15:sp2:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08233

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2018-19873

CVSS3: 9.8

ubuntu

около 7 лет назад

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

CVE-2018-19873

CVSS3: 3.3

redhat

около 7 лет назад

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

CVE-2018-19873

CVSS3: 9.8

debian

около 7 лет назад

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...

GHSA-7wmh-gw77-55mp

CVSS3: 9.8

github

больше 3 лет назад

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

BDU:2019-00951

fstec

почти 7 лет назад

Уязвимость класса QBmpHandler кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к информации

EPSS

Процентиль: 92%

0.08233

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119