Unrated severityOSV Advisory· Published Dec 26, 2018· Updated Aug 5, 2024
CVE-2018-19873
CVE-2018-19873
Description
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Affected products
54- osv-coords53 versionspkg:rpm/opensuse/libqt4-devel-doc&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libqt4-devel-doc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/libqt4&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libqt4&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/libqt4-sql-plugins&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libqt4-sql-plugins&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.0pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/libqt4&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20OpenStack%20Cloud%207
< 4.8.7-lp151.9.3.1+ 52 more
- (no CPE)range: < 4.8.7-lp151.9.3.1
- (no CPE)range: < 4.8.7-lp152.10.3.1
- (no CPE)range: < 4.8.7-lp151.9.3.1
- (no CPE)range: < 4.8.7-lp152.10.3.1
- (no CPE)range: < 4.8.7-lp151.9.3.1
- (no CPE)range: < 4.8.7-lp152.10.3.1
- (no CPE)range: < 5.9.4-lp150.5.4.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-bp151.4.3.1
- (no CPE)range: < 4.8.7-bp152.4.3.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-bp151.4.3.1
- (no CPE)range: < 4.8.7-bp152.4.3.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-8.13.1
- (no CPE)range: < 4.8.7-bp151.4.3.1
- (no CPE)range: < 4.8.7-bp152.4.3.1
- (no CPE)range: < 5.6.1-17.6.2
- (no CPE)range: < 5.6.2-6.15.2
- (no CPE)range: < 5.6.2-6.15.2
- (no CPE)range: < 5.9.4-8.11.13
- (no CPE)range: < 5.9.4-8.11.13
- (no CPE)range: < 5.5.1-8.3.1
- (no CPE)range: < 5.6.1-17.6.2
- (no CPE)range: < 5.6.1-17.6.2
- (no CPE)range: < 5.6.2-6.15.2
- (no CPE)range: < 5.6.2-6.15.2
- (no CPE)range: < 5.3.1-4.7.2
- (no CPE)range: < 5.5.1-8.3.1
- (no CPE)range: < 5.6.1-17.6.2
- (no CPE)range: < 5.6.2-6.15.2
- (no CPE)range: < 5.6.2-6.15.2
- (no CPE)range: < 5.6.2-6.15.2
- (no CPE)range: < 5.6.2-6.15.2
- (no CPE)range: < 5.6.1-17.6.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2019:2135mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:3390mitrevendor-advisoryx_refsource_REDHAT
- usn.ubuntu.com/4003-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2019/dsa-4374mitrevendor-advisoryx_refsource_DEBIAN
- blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/mitrex_refsource_CONFIRM
- codereview.qt-project.orgmitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2019/01/msg00004.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/05/msg00014.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2020/09/msg00023.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.