PT-2018-2536 · Qt Company+5 · Qt+5

Published 2018-12-06 · Updated 2020-09-28 · CVE-2018-19870

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Qt versions prior to 5.11.3

Description

The issue is related to a NULL pointer dereference in the QGifHandler function when processing a malformed GIF image, resulting in a segmentation fault. This can be exploited by a remote attacker to cause a denial of service using a specially crafted GIF image.

Recommendations

For Qt versions prior to 5.11.3, update to version 5.11.3 or later to resolve the issue. As a temporary workaround, consider restricting the handling of GIF images by the QGifHandler function until a patch is available.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2887
ALT-PU-2018-2888
ALT-PU-2018-2889
ALT-PU-2018-2890
ALT-PU-2018-2891
ALT-PU-2018-2892
ALT-PU-2018-2893
ALT-PU-2018-2894
ALT-PU-2018-2895
ALT-PU-2018-2896
ALT-PU-2018-2897
ALT-PU-2018-2898
ALT-PU-2018-2899
ALT-PU-2018-2900
ALT-PU-2018-2901
ALT-PU-2018-2902
ALT-PU-2018-2903
ALT-PU-2018-2904
ALT-PU-2018-2905
ALT-PU-2018-2906
ALT-PU-2018-2907
ALT-PU-2018-2908
ALT-PU-2018-2909
ALT-PU-2018-2910
ALT-PU-2018-2911
ALT-PU-2018-2912
ALT-PU-2018-2913
ALT-PU-2018-2914
ALT-PU-2018-2915
ALT-PU-2018-2916
ALT-PU-2018-2917
ALT-PU-2019-2558
ALT-PU-2019-2583
BDU:2019-00921
CESA-2019_2135
CESA-2019_3390
CESA-2020_1172
CVE-2018-19870
DLA-1627-1
DLA-1786-1
DLA-2377-1
DSA-4374-1
MGASA-2020-0204
OPENSUSE-SU-2019:1239-1
OPENSUSE-SU-2019_1239-1
RHSA-2019:2135
RHSA-2019:3390
RHSA-2019_2135
RHSA-2019_3390
RHSA-2020:1172
RHSA-2020_1172
SUSE-SU-2019:0927-1
SUSE-SU-2019_0927-1
SUSE-SU-2020:0317-1
SUSE-SU-2020:0318-1
SUSE-SU-2020:0319-1
SUSE-SU-2020_0317-1
SUSE-SU-2020_0318-1
SUSE-SU-2020_0319-1
USN-4003-1

Affected Products

ALT Linux
CentOS
Qt
Red Hat
SUSE
Ubuntu