openSUSE-SU-2019:1115

RHSA-2019:2135

https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

https://codereview.qt-project.org/#/c/237761/

[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update

[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt packages installed that are affected by multiple vulnerabilities:

  - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in     qppmhandler.cpp. (CVE-2018-19872)

  - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in     QGifHandler resulting in a segmentation fault. (CVE-2018-19870)

  - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
    (CVE-2018-19873)

  - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
    (CVE-2018-19871)

  - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted     illegal XML document. (CVE-2018-15518)

  - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in     qsvghandler.cpp. (CVE-2018-19869)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt5-qtimageformats packages installed that are affected by a vulnerability:

  - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
    (CVE-2018-19871)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt packages installed that are affected by multiple vulnerabilities:

  - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in     qppmhandler.cpp. (CVE-2018-19872)

  - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in     QGifHandler resulting in a segmentation fault. (CVE-2018-19870)

  - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
    (CVE-2018-19873)

  - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
    (CVE-2018-19871)

  - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted     illegal XML document. (CVE-2018-15518)

  - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in     qsvghandler.cpp. (CVE-2018-19869)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for libqt5-qtimageformats fixes the following issues :

Security issues fixed :

CVE-2018-19871: Fixed CPU exhaustion in QTgaFile (bsc#1118598)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were fixed in qt4-x11, the legacy version of the Qt toolkit.

CVE-2018-15518

Double-free or corruption in QXmlStreamReader during parsing of a specially crafted illegal XML document.

CVE-2018-19869

A malformed SVG image causes a segmentation fault.

CVE-2018-19870

A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.

CVE-2018-19871

Uncontrolled Resource Consumption in QTgaFile.

CVE-2018-19872

A malformed PPM image causes a crash.

CVE-2018-19873

QBmpHandler segfault on malformed BMP file.

CVE-2020-17507

Buffer over-read in the XBM parser.

For Debian 9 stretch, these problems have been fixed in version 4:4.8.7+dfsg-11+deb9u1.

We recommend that you upgrade your qt4-x11 packages.

For the detailed security status of qt4-x11 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/qt4-x11

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt5-qtimageformats packages installed that are affected by a vulnerability:

  - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
    (CVE-2018-19871)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)

An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. (CVE-2018-19870)

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
(CVE-2018-15518)

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. (CVE-2018-19873)

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. (CVE-2018-19871)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1665 advisory.

  - qt5-qtsvg: Invalid parsing of malformed url reference     resulting in a denial of service (CVE-2018-19869)

  - qt5-qtimageformats: QTgaFile CPU exhaustion     (CVE-2018-19871)

  - qt: Malformed PPM image causing division by zero and     crash in qppmhandler.cpp (CVE-2018-19872)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

* qt5-qtbase: Double free in QXmlStreamReader * qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service * qt5-qtbase: QImage allocation failure in qgifhandler * qt5-qtimageformats: QTgaFile CPU exhaustion * qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1172 advisory.

  - qt5-qtbase: Double free in QXmlStreamReader     (CVE-2018-15518)

  - qt5-qtsvg: Invalid parsing of malformed url reference     resulting in a denial of service (CVE-2018-19869)

  - qt5-qtbase: QImage allocation failure in qgifhandler     (CVE-2018-19870)

  - qt5-qtimageformats: QTgaFile CPU exhaustion     (CVE-2018-19871)

  - qt: Malformed PPM image causing division by zero and     crash in qppmhandler.cpp (CVE-2018-19872)

  - qt5-qtbase: QBmpHandler segmentation fault on malformed     BMP file (CVE-2018-19873)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in Qt 5.11. A malformed PPM     image causes a division by zero and a crash in     qppmhandler.cpp.(CVE-2018-19872)

  - An issue was discovered in Qt before 5.11.3. There is     QTgaFile Uncontrolled Resource     Consumption.(CVE-2018-19871)

  - Multiple buffer overflows in gui/image/qbmphandler.cpp     in the QtBase module in Qt before 4.8.7 and 5.x before     5.4.2 allow remote attackers to cause a denial of     service (segmentation fault and crash) and possibly     execute arbitrary code via a crafted BMP     image.(CVE-2015-1858)

  - Multiple buffer overflows in gui/image/qgifhandler.cpp     in the QtBase module in Qt before 4.8.7 and 5.x before     5.4.2 allow remote attackers to cause a denial of     service (segmentation fault) and possibly execute     arbitrary code via a crafted GIF image.(CVE-2015-1860)

  - Multiple buffer overflows in     plugins/imageformats/ico/qicohandler.cpp in the QtBase     module in Qt before 4.8.7 and 5.x before 5.4.2 allow     remote attackers to cause a denial of service     (segmentation fault and crash) and possibly execute     arbitrary code via a crafted ICO image.(CVE-2015-1859)

  - QXmlSimpleReader in Qt before 5.2 allows     context-dependent attackers to cause a denial of     service (memory consumption) via an XML Entity     Expansion (XEE) attack.(CVE-2013-4549)

  - QXmlStream in Qt 5.x before 5.11.3 has a double-free or     corruption during parsing of a specially crafted     illegal XML document.(CVE-2018-15518)

  - The BMP decoder in QtGui in QT before 5.5 does not     properly calculate the masks used to extract the color     components, which allows remote attackers to cause a     denial of service (divide-by-zero and crash) via a     crafted BMP file.(CVE-2015-0295)

  - The GIF decoder in QtGui in Qt before 5.3 allows remote     attackers to cause a denial of service (NULL pointer     dereference) via invalid width and height values in a     GIF image.(CVE-2014-0190)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - QXmlSimpleReader in Qt before 5.2 allows     context-dependent attackers to cause a denial of     service (memory consumption) via an XML Entity     Expansion (XEE) attack.(CVE-2013-4549)

  - An issue was discovered in Qt before 5.11.3. There is     QTgaFile Uncontrolled Resource     Consumption.(CVE-2018-19871)

  - QXmlStream in Qt 5.x before 5.11.3 has a double-free or     corruption during parsing of a specially crafted     illegal XML document.(CVE-2018-15518)

  - An issue was discovered in Qt 5.11. A malformed PPM     image causes a division by zero and a crash in     qppmhandler.cpp.(CVE-2018-19872)

  - Multiple buffer overflows in gui/image/qbmphandler.cpp     in the QtBase module in Qt before 4.8.7 and 5.x before     5.4.2 allow remote attackers to cause a denial of     service (segmentation fault and crash) and possibly     execute arbitrary code via a crafted BMP     image.(CVE-2015-1858)

  - Multiple buffer overflows in     plugins/imageformats/ico/qicohandler.cpp in the QtBase     module in Qt before 4.8.7 and 5.x before 5.4.2 allow     remote attackers to cause a denial of service     (segmentation fault and crash) and possibly execute     arbitrary code via a crafted ICO image.(CVE-2015-1859)

  - Multiple buffer overflows in gui/image/qgifhandler.cpp     in the QtBase module in Qt before 4.8.7 and 5.x before     5.4.2 allow remote attackers to cause a denial of     service (segmentation fault) and possibly execute     arbitrary code via a crafted GIF image.(CVE-2015-1860)

  - The BMP decoder in QtGui in QT before 5.5 does not     properly calculate the masks used to extract the color     components, which allows remote attackers to cause a     denial of service (divide-by-zero and crash) via a     crafted BMP file.(CVE-2015-0295)

  - The GIF decoder in QtGui in Qt before 5.3 allows remote     attackers to cause a denial of service (NULL pointer     dereference) via invalid width and height values in a     GIF image.(CVE-2014-0190)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - An issue was discovered in Qt before 5.11.3. There is     QTgaFile Uncontrolled Resource     Consumption.(CVE-2018-19871)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

The following packages have been upgraded to a later upstream version:
qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ# 1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ# 1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ# 1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)

Security Fix(es) :

* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)

* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)

* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)

* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)

* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

The following packages have been upgraded to a later upstream version:
qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7).

Security Fix(es) :

  - qt5-qtbase: Double free in QXmlStreamReader     (CVE-2018-15518)

  - qt5-qtsvg: Invalid parsing of malformed url reference     resulting in a denial of service (CVE-2018-19869)

  - qt5-qtbase: QImage allocation failure in qgifhandler     (CVE-2018-19870)

  - qt5-qtimageformats: QTgaFile CPU exhaustion     (CVE-2018-19871)

  - qt5-qtbase: QBmpHandler segmentation fault on malformed     BMP file (CVE-2018-19873)

Multiple issues have been addressed in Qt4.

CVE-2018-15518

A double-free or corruption during parsing of a specially crafted illegal XML document.

CVE-2018-19869

A malformed SVG image could cause a segmentation fault in qsvghandler.cpp.

CVE-2018-19870

A malformed GIF image might have caused a NULL pointer dereference in QGifHandler resulting in a segmentation fault.

CVE-2018-19871

There was an uncontrolled resource consumption in QTgaFile.

CVE-2018-19873

QBmpHandler had a buffer overflow via BMP data.

For Debian 8 'Jessie', these problems have been fixed in version 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2.

We recommend that you upgrade your qt4-x11 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libqt5-qtimageformats fixes the following issues :

Security issues fixed :

  - CVE-2018-19871: Fixed CPU exhaustion in QTgaFile     (bsc#1118598)

This update was imported from the SUSE:SLE-15:Update update project.

Update to mingw-qt5-*-5.11.3, see http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-securit y-updates/ for details. Update to mingw-sip-4.19.13, see https://www.riverbankcomputing.com/static/Downloads/sip/ChangeLog for details.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
143935	NewStart CGSL CORE 5.05 / MAIN 5.05 : qt Multiple Vulnerabilities (NS-SA-2020-0092)	Nessus	NewStart CGSL Local Security Checks	high
143932	NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtimageformats Vulnerability (NS-SA-2020-0099)	Nessus	NewStart CGSL Local Security Checks	medium
143909	NewStart CGSL CORE 5.04 / MAIN 5.04 : qt Multiple Vulnerabilities (NS-SA-2020-0062)	Nessus	NewStart CGSL Local Security Checks	high
143837	SUSE SLES12 Security Update : libqt5-qtimageformats (SUSE-SU-2020:2923-1)	Nessus	SuSE Local Security Checks	medium
140932	Debian DLA-2377-1 : qt4-x11 security update	Nessus	Debian Local Security Checks	high
140698	NewStart CGSL CORE 5.04 / MAIN 5.04 : qt5-qtimageformats Vulnerability (NS-SA-2020-0040)	Nessus	NewStart CGSL Local Security Checks	medium
138624	Amazon Linux 2 : qt (ALAS-2020-1458)	Nessus	Amazon Linux Local Security Checks	high
136117	RHEL 8 : qt5 (RHSA-2020:1665)	Nessus	Red Hat Local Security Checks	medium
135834	Scientific Linux Security Update : qt on SL7.x x86_64 (20200407)	Nessus	Scientific Linux Local Security Checks	high
135349	CentOS 7 : qt (CESA-2020:1172)	Nessus	CentOS Local Security Checks	high
135039	RHEL 7 : qt (RHSA-2020:1172)	Nessus	Red Hat Local Security Checks	high
132191	EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-2656)	Nessus	Huawei Local Security Checks	medium
131873	EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)	Nessus	Huawei Local Security Checks	medium
131367	EulerOS 2.0 SP8 : qt (EulerOS-SA-2019-2301)	Nessus	Huawei Local Security Checks	medium
130648	EulerOS 2.0 SP5 : qt (EulerOS-SA-2019-2186)	Nessus	Huawei Local Security Checks	medium
128359	CentOS 7 : qt5-qt3d / qt5-qtbase / qt5-qtcanvas3d / qt5-qtconnectivity / qt5-qtdeclarative / etc (CESA-2019:2135)	Nessus	CentOS Local Security Checks	high
128258	Scientific Linux Security Update : qt5 on SL7.x x86_64 (20190806)	Nessus	Scientific Linux Local Security Checks	high
127679	RHEL 7 : qt5 (RHSA-2019:2135)	Nessus	Red Hat Local Security Checks	high
124875	Debian DLA-1786-1 : qt4-x11 security update	Nessus	Debian Local Security Checks	high
123662	openSUSE Security Update : libqt5-qtimageformats (openSUSE-2019-1115)	Nessus	SuSE Local Security Checks	medium
123063	SUSE SLED15 / SLES15 Security Update : libqt5-qtimageformats (SUSE-SU-2019:0705-1)	Nessus	SuSE Local Security Checks	medium
121444	Fedora 29 : mingw-python-qt5 / mingw-qt5-qt3d / mingw-qt5-qtactiveqt / etc (2019-3c45bd2cc3)	Nessus	Fedora Local Security Checks	medium

CVE-2018-19871

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins