Описание
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
Отчет
Red Hat Enterprise Linux 7 is not affected by this issue as qt5-base version as shipped with it doesn't have the code which contains the bug.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | qt5-qtbase | Not affected | ||
| Red Hat Enterprise Linux 8 | python-qt5 | Fixed | RHSA-2020:1665 | 29.04.2020 |
| Red Hat Enterprise Linux 8 | qgnomeplatform | Fixed | RHSA-2020:1665 | 29.04.2020 |
| Red Hat Enterprise Linux 8 | qt5 | Fixed | RHSA-2020:1665 | 29.04.2020 |
| Red Hat Enterprise Linux 8 | qt5-qt3d | Fixed | RHSA-2020:1665 | 29.04.2020 |
| Red Hat Enterprise Linux 8 | qt5-qtbase | Fixed | RHSA-2020:1665 | 29.04.2020 |
| Red Hat Enterprise Linux 8 | qt5-qtcanvas3d | Fixed | RHSA-2020:1665 | 29.04.2020 |
| Red Hat Enterprise Linux 8 | qt5-qtconnectivity | Fixed | RHSA-2020:1665 | 29.04.2020 |
| Red Hat Enterprise Linux 8 | qt5-qtdeclarative | Fixed | RHSA-2020:1665 | 29.04.2020 |
| Red Hat Enterprise Linux 8 | qt5-qtdoc | Fixed | RHSA-2020:1665 | 29.04.2020 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS3
Связанные уязвимости
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
An out-of-bounds memory access in the generateDirectionalRuns() functi ...
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
Уязвимость функции generateDirectionalRuns() библиотеки Qt, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
4.3 Medium
CVSS3