CVE-2019-18281

Current Description

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.

Basic Data

Published: October 23, 2019
Last Modified: February 18, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Qt | Qtbase | * | * | * | * | * | * | * | * | 5.11.0 | 5.11.3
    2.3 | Application | Qt | Qtbase | * | * | * | * | * | * | * | * | 5.12.0 | 5.12.5
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Debian | Debian Linux | 9.0 | * | * | * | * | * | * | *
    2.3 | OS | Debian | Debian Linux | 10.0 | * | * | * | * | * | * | *

Vulnerable Software List

Vendor | Product | Versions
Debian | Debian Linux | 10.0, 9.0
Qt | Qtbase | *

References

Name | Source | URL | Tags
https://bugreports.qt.io/browse/QTBUG-77819 | MISC | https://bugreports.qt.io/browse/QTBUG-77819 | Permissions Required
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784 | MISC | https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784 | Issue Tracking, Third Party Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/271889 | MISC | https://codereview.qt-project.org/c/qt/qtbase/+/271889 | Patch, Vendor Advisory
20191104 [SECURITY] [DSA 4556-1] qtbase-opensource-src security update | BUGTRAQ | https://seclists.org/bugtraq/2019/Nov/4 | Mailing List, Third Party Advisory
GLSA-202003-60 | GENTOO | https://security.gentoo.org/glsa/202003-60
USN-4275-1 | UBUNTU | https://usn.ubuntu.com/4275-1/
DSA-4556 | DEBIAN | https://www.debian.org/security/2019/dsa-4556 | Third Party Advisory