PT-2018-3711 · Qt Company+7 · Qt+7

Than Ngothan

Published

2018-07-13

Updated

2020-09-28

CVE-2018-19872

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Qt version 5.11

Description A issue in Qt 5.11 allows a remote attacker to cause a denial of service using a malformed PPM image, which results in a division by zero and a crash in the qppmhandler.cpp component.

Recommendations For Qt version 5.11, as a temporary workaround, consider disabling the handling of PPM images until a patch is available. Restrict access to the qppmhandler.cpp component to minimize the risk of exploitation. Avoid using the PPM image handling functionality in Qt until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

ALSA-2020:1665

ALT-PU-2019-2558

ALT-PU-2019-2583

BDU:2021-03458

CESA-2020_1172

CESA-2020_1665

CVE-2018-19872

DLA-2376-1

DLA-2377-1

MGASA-2019-0161

OPENSUSE-SU-2019:1239-1

OPENSUSE-SU-2019_1239-1

RHSA-2020:1172

RHSA-2020:1665

RHSA-2020_1172

RHSA-2020_1665

RLSA-2020:1665

SUSE-SU-2019:0927-1

SUSE-SU-2020:0317-1

SUSE-SU-2020:0318-1

SUSE-SU-2020:0319-1

USN-4275-1

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2018-3711 · Qt Company+7 · Qt+7

CVE-2018-19872

Weakness Enumeration

Related Identifiers

Affected Products

References · 141