PT-2018-3709 · Qt Company+7 · Qt+7
Published
2018-07-09
·
Updated
2026-05-28
·
CVE-2018-19869
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Qt versions prior to 5.11.3
Description
The issue is related to a flaw in the input validation mechanism of the qsvghandler.cpp component in the Qt cross-platform framework. This flaw can be exploited by a remote attacker using a malformed SVG image, potentially leading to a denial of service due to a segmentation fault in qsvghandler.cpp.
Recommendations
For Qt versions prior to 5.11.3, update to version 5.11.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of SVG images from untrusted sources to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Qt
Red Hat
Rocky Linux
Suse
Ubuntu