PT-2018-2537 · Qt Company+5 · Qt+5

Published: 2018-08-13 · Updated: 2020-09-28 · CVE-2018-15518

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.11.3
Description: The issue is a double-free memory error in the QXmlStreamReader class of the QXmlStream component in the Qt cross-platform framework. A remote attacker can exploit it with a specially crafted XML document, potentially leading to a denial of service or unauthorized access to information.
Recommendations: For Qt versions prior to 5.11.3, update to version 5.11.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of QXmlStreamReader to minimize the risk of exploitation. Avoid parsing untrusted or specially crafted XML documents until the issue is resolved.

Fix

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2887
ALT-PU-2018-2888
ALT-PU-2018-2889
ALT-PU-2018-2890
ALT-PU-2018-2891
ALT-PU-2018-2892
ALT-PU-2018-2893
ALT-PU-2018-2894
ALT-PU-2018-2895
ALT-PU-2018-2896
ALT-PU-2018-2897
ALT-PU-2018-2898
ALT-PU-2018-2899
ALT-PU-2018-2900
ALT-PU-2018-2901
ALT-PU-2018-2902
ALT-PU-2018-2903
ALT-PU-2018-2904
ALT-PU-2018-2905
ALT-PU-2018-2906
ALT-PU-2018-2907
ALT-PU-2018-2908
ALT-PU-2018-2909
ALT-PU-2018-2910
ALT-PU-2018-2911
ALT-PU-2018-2912
ALT-PU-2018-2913
ALT-PU-2018-2914
ALT-PU-2018-2915
ALT-PU-2018-2916
ALT-PU-2018-2917
ALT-PU-2019-2558
ALT-PU-2019-2583
BDU:2019-00922
CESA-2019_2135
CESA-2019_3390
CESA-2020_1172
CVE-2018-15518
DLA-1627-1
DLA-1786-1
DLA-2377-1
DSA-4374-1
MGASA-2019-0025
MGASA-2020-0204
OPENSUSE-SU-2018_4261-1
OPENSUSE-SU-2019:0265-1
OPENSUSE-SU-2019_0265-1
OPENSUSE-SU-2020:1452-1
OPENSUSE-SU-2020:1500-1
OPENSUSE-SU-2020:1501-1
OPENSUSE-SU-2020:1530-1
OPENSUSE-SU-2020_1452-1
OPENSUSE-SU-2020_1501-1
RHSA-2019:2135
RHSA-2019:3390
RHSA-2019_2135
RHSA-2019_3390
RHSA-2020:1172
RHSA-2020_1172
SUSE-SU-2018:4179-1
SUSE-SU-2018:4183-1
SUSE-SU-2018:4210-1
SUSE-SU-2018:4210-2
SUSE-SU-2018:4294-1
SUSE-SU-2018_4179-1
SUSE-SU-2018_4183-1
SUSE-SU-2018_4210-1
SUSE-SU-2018_4210-2
SUSE-SU-2018_4294-1
SUSE-SU-2019:0447-1
SUSE-SU-2019_0447-1
SUSE-SU-2020:1021-1
SUSE-SU-2020_1021-1
USN-4003-1

Affected Products

Alt Linux
Centos
Qt
Red Hat
Suse
Ubuntu