An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
References
| Link | Resource |
|---|---|
| https://bugreports.qt.io/browse/QTBUG-77819 | Permissions Required |
| https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784 | Issue Tracking Third Party Advisory |
| https://codereview.qt-project.org/c/qt/qtbase/+/271889 | Patch Vendor Advisory |
| https://seclists.org/bugtraq/2019/Nov/4 | Mailing List Third Party Advisory |
| https://security.gentoo.org/glsa/202003-60 | |
| https://usn.ubuntu.com/4275-1/ | |
| https://www.debian.org/security/2019/dsa-4556 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-10-23 15:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-18281
Mitre link : CVE-2019-18281
CVE.ORG link : CVE-2019-18281
JSON object : View
Products Affected
debian
- debian_linux
qt
- qtbase
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer