CVE-2018-19872

MEDIUM

Qt 5.11 - Info Disclosure

Title source: llm

Description

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

References (9)

[Patch, Vendor Advisory] http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://bugreports.qt.io/browse/QTBUG-69449

[Vendor Advisory] https://usn.ubuntu.com/4275-1/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/

[Mailing List] https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html

Scores

CVSS v3 5.5

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-369

Status published

Affected Products (5)

qt/qt

opensuse/leap

fedoraproject/fedora

fedoraproject/fedora

fedoraproject/fedora

Timeline

Published Mar 21, 2019

Tracked Since Feb 18, 2026