CVE-2020-17507

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html Broken Link
https://codereview.qt-project.org/c/qt/qtbase/+/308436 Mailing List Patch Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/308495 Mailing List Patch Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/308496 Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
https://security.gentoo.org/glsa/202009-04 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html Broken Link
https://codereview.qt-project.org/c/qt/qtbase/+/308436 Mailing List Patch Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/308495 Mailing List Patch Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/308496 Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
https://security.gentoo.org/glsa/202009-04 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html - Broken Link
References () https://codereview.qt-project.org/c/qt/qtbase/+/308436 - Mailing List, Patch, Vendor Advisory () https://codereview.qt-project.org/c/qt/qtbase/+/308436 - Mailing List, Patch, Vendor Advisory
References () https://codereview.qt-project.org/c/qt/qtbase/+/308495 - Mailing List, Patch, Vendor Advisory () https://codereview.qt-project.org/c/qt/qtbase/+/308495 - Mailing List, Patch, Vendor Advisory
References () https://codereview.qt-project.org/c/qt/qtbase/+/308496 - Mailing List, Vendor Advisory () https://codereview.qt-project.org/c/qt/qtbase/+/308496 - Mailing List, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/ -
References () https://security.gentoo.org/glsa/202009-04 - Third Party Advisory () https://security.gentoo.org/glsa/202009-04 - Third Party Advisory

07 Nov 2023, 03:19

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/', 'name': 'FEDORA-2020-b8091188d0', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/', 'name': 'FEDORA-2020-8dd86f1b3f', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/ -

Information

Published : 2020-08-12 18:15

Updated : 2024-11-21 05:08


NVD link : CVE-2020-17507

Mitre link : CVE-2020-17507

CVE.ORG link : CVE-2020-17507


JSON object : View

Products Affected

debian

  • debian_linux

fedoraproject

  • fedora

qt

  • qt
CWE
CWE-125

Out-of-bounds Read