
CVE-2023-43114

Published: 15 Sep 2023
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then it can cause the application to crash because of missing length checks.

An issue was discovered in Qt on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then it can cause the application to crash because of missing length checks.

Report

This vulnerability only affects Qt on Windows.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qt | Not affected | | |
| Red Hat Enterprise Linux 6 | qt3 | Not affected | | |
| Red Hat Enterprise Linux 7 | qt | Not affected | | |
| Red Hat Enterprise Linux 7 | qt3 | Not affected | | |
| Red Hat Enterprise Linux 8 | qt5 | Not affected | | |
| Red Hat Enterprise Linux 9 | qt5 | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2241115
qt: corrupted font loaded via QFontDatabase::addApplicationFont[FromData] leads to DoS

EPSS: 0.00051 (Low), percentile: 16%

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 2 years ago

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then it can cause the application to crash because of missing length checks.

CVSS3: 5.5
nvd
more than 2 years ago

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then it can cause the application to crash because of missing length checks.

CVSS3: 5.5
debian
more than 2 years ago

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6 ...

CVSS3: 5.5
github
more than 2 years ago

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then it can cause the application to crash because of missing length checks.

CVSS3: 3
fstec
more than 2 years ago

Vulnerability in the addApplicationFont[FromData] function of the QFontDatabase class of the cross-platform software development framework Qt, allowing an attacker to cause a denial of service
