CVE-2020-17507
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
12/08/2020
Last modified:
07/11/2023
Description
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* | 5.12.9 (including) | |
| cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* | 5.13.0 (including) | 5.15.1 (excluding) |
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html
- https://codereview.qt-project.org/c/qt/qtbase/+/308436
- https://codereview.qt-project.org/c/qt/qtbase/+/308495
- https://codereview.qt-project.org/c/qt/qtbase/+/308496
- https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
- https://security.gentoo.org/glsa/202009-04