Description
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
A vulnerability has been discovered in Qt Base, wherein an attacker can exploit a specially crafted KTX image file to induce a buffer overflow within the application parsing it. This overflow can subsequently result in a denial-of-service condition, rendering the affected application inaccessible or non-responsive.
Statement
The CVE-2024-25580 vulnerability in Qt's KTX image handling module is classified as having a moderate severity rather than being deemed important due to several factors. While the vulnerability does pose a risk of buffer overflow and potential application crashes, its impact is somewhat mitigated by the fact that exploitation requires a specifically crafted KTX image file. This implies that successful exploitation depends on the attacker's ability to provide such a file to the target application. Moreover, the vulnerability does not inherently lead to remote code execution or compromise of sensitive data; it primarily results in a denial-of-service condition through application crashes.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 7 | qt5-qtbase | Out of support scope | | |
Red Hat Enterprise Linux 8 | qt5-qtbase | Fixed | RHSA-2024:3056 | 22.05.2024 |
Red Hat Enterprise Linux 9 | qt5-qtbase | Fixed | RHSA-2024:2276 | 30.04.2024 |
Additional information
Status:
6.2 Medium
CVSS3