An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1665 advisory.

  - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in     qsvghandler.cpp. (CVE-2018-19869)

  - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
    (CVE-2018-19871)

  - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in     qppmhandler.cpp. (CVE-2018-19872)

  - An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase     5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application     via a text file containing many directional characters. (CVE-2019-18281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the qt5-qtbase packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase     5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application     via a text file containing many directional characters. (CVE-2019-18281)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1665 advisory.

    Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string,     xml, and network handling in Qt.

    The following packages have been upgraded to a later upstream version: qt5 (5.12.5), qt5-qt3d (5.12.5),     qt5-qtbase (5.12.5), qt5-qtcanvas3d (5.12.5), qt5-qtconnectivity (5.12.5), qt5-qtdeclarative (5.12.5),     qt5-qtdoc (5.12.5), qt5-qtgraphicaleffects (5.12.5), qt5-qtimageformats (5.12.5), qt5-qtlocation (5.12.5),     qt5-qtmultimedia (5.12.5), qt5-qtquickcontrols (5.12.5), qt5-qtquickcontrols2 (5.12.5), qt5-qtscript     (5.12.5), qt5-qtsensors (5.12.5), qt5-qtserialbus (5.12.5), qt5-qtserialport (5.12.5), qt5-qtsvg (5.12.5),     qt5-qttools (5.12.5), qt5-qttranslations (5.12.5), qt5-qtwayland (5.12.5), qt5-qtwebchannel (5.12.5),     qt5-qtwebsockets (5.12.5), qt5-qtx11extras (5.12.5), qt5-qtxmlpatterns (5.12.5), python-qt5 (5.13.1), sip     (4.19.19). (BZ#1775603, BZ#1775604)

    Security Fix(es):

    * qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)

    * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)

    * qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202003-60 (QtCore: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in QtCore. Please review       the CVE identifiers referenced below for details.
  Impact :

    An attacker could possibly execute arbitrary code with the privileges of       the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4275-1 advisory.

    It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were     tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in     a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872)

    It was discovered that Qt incorrectly handled certain text files. If a user or automated system were     tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting     in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2019-18281)

    It was discovered that Qt incorrectly searched for plugins in the current working directory. An attacker     could possibly use this issue to execute arbitrary code. (CVE-2020-0569)

    It was discovered that Qt incorrectly searched for libraries relative to the current working directory. An     attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.10.
    (CVE-2020-0570)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An out-of-bounds memory access was discovered in the Qt library, which could result in denial of service through a text file containing many directional characters.

The oldstable distribution (stretch) is not affected.

ID	Name	Product	Family	Severity
184535	Rocky Linux 8 : qt5 (RLSA-2020:1665)	Nessus	Rocky Linux Local Security Checks	medium
160145	EulerOS 2.0 SP8 : qt5-qtbase (EulerOS-SA-2022-1584)	Nessus	Huawei Local Security Checks	medium
136117	RHEL 8 : qt5 (RHSA-2020:1665)	Nessus	Red Hat Local Security Checks	medium
134968	GLSA-202003-60 : QtCore: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
133647	Ubuntu 16.04 LTS / 18.04 LTS : Qt vulnerabilities (USN-4275-1)	Nessus	Ubuntu Local Security Checks	high
130437	Debian DSA-4556-1 : qtbase-opensource-src - security update	Nessus	Debian Local Security Checks	medium

Detections

Analytics

CVE-2019-18281

medium

Tenable Plugins

medium

medium

medium

high

high

medium