Unrated severity · NVD Advisory · Published Aug 12, 2020 · Updated Aug 4, 2024
CVE-2020-17507
Description
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
Affected products
54 entries
- Qt/Qt (description)
- osv-coords (53 versions):
- pkg:rpm/almalinux/qt5-qtbase-static (no CPE), range: < 5.12.5-8.el8
- pkg:rpm/opensuse/libqt4-devel-doc&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 4.8.7-lp151.9.3.1
- pkg:rpm/opensuse/libqt4-devel-doc&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 4.8.7-lp152.10.3.1
- pkg:rpm/opensuse/libqt4&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 4.8.7-lp151.9.3.1
- pkg:rpm/opensuse/libqt4&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 4.8.7-lp152.10.3.1
- pkg:rpm/opensuse/libqt4-sql-plugins&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 4.8.7-lp151.9.3.1
- pkg:rpm/opensuse/libqt4-sql-plugins&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 4.8.7-lp152.10.3.1
- pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 5.9.7-lp151.4.6.1
- pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 5.12.7-lp152.3.6.1
- pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweed (no CPE), range: < 5.15.2+kde222-1.3
- pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.8.7-8.16.2
- pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.8.7-8.16.2
- pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 4.8.7-8.16.2
- pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Package%20Hub%2015%20SP1 (no CPE), range: < 4.8.7-bp151.4.3.1
- pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Package%20Hub%2015%20SP2 (no CPE), range: < 4.8.7-bp152.4.3.1
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.8.7-8.16.1
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.8.7-8.16.1
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 4.8.7-8.16.1
- pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 4.8.7-8.16.1
- pkg:rpm/suse/libqt4&distro=SUSE%20Package%20Hub%2015%20SP1 (no CPE), range: < 4.8.7-bp151.4.3.1
- pkg:rpm/suse/libqt4&distro=SUSE%20Package%20Hub%2015%20SP2 (no CPE), range: < 4.8.7-bp152.4.3.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.8.7-8.16.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.8.7-8.16.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 4.8.7-8.16.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 4.8.7-8.16.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Package%20Hub%2015%20SP1 (no CPE), range: < 4.8.7-bp151.4.3.1
- pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Package%20Hub%2015%20SP2 (no CPE), range: < 4.8.7-bp152.4.3.1
- pkg:rpm/suse/libqt5-qtbase&distro=HPE%20Helion%20OpenStack%208 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%205 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 5.9.4-8.24.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 5.9.4-8.24.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 5.9.7-13.8.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 5.12.7-4.6.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 (no CPE), range: < 5.9.7-13.8.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 5.12.7-4.6.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 5.6.1-17.16.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS (no CPE), range: < 5.6.1-17.16.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 5.9.4-8.24.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 5.6.1-17.16.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 5.9.4-8.24.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20OpenStack%20Cloud%207 (no CPE), range: < 5.6.1-17.16.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20OpenStack%20Cloud%208 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20OpenStack%20Cloud%209 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE), range: < 5.6.2-6.25.1
- pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE), range: < 5.6.2-6.25.1
Patches
No patches discovered yet.
References
14 references
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202009-04 (mitre, vendor-advisory, x_refsource_GENTOO)
- codereview.qt-project.org/c/qt/qtbase/+/308436 (mitre, x_refsource_MISC)
- codereview.qt-project.org/c/qt/qtbase/+/308495 (mitre, x_refsource_MISC)
- codereview.qt-project.org/c/qt/qtbase/+/308496 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2020/09/msg00023.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2020/09/msg00024.html (mitre, mailing-list, x_refsource_MLIST)