CVE-2018-19869: Improper Input Validation in Qt

Severity
6.5 MEDIUM (NVD)
EPSS
1.7%
top 17.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 26
Latest update: May 13

Description

An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: qt/qt < 5.11.3
debian: debian/qtsvg-opensource-src < qtsvg-opensource-src 5.11.3-2 (bookworm)
NVD: opensuse/leap 15.0

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-pmgg-wc2m-p4m6: An issue was discovered in Qt before 5 (2022-05-13)
OSV
CVE-2018-19869: An issue was discovered in Qt before 5 (2018-12-26)

📋 Vendor Advisories

3
Ubuntu
QtSvg vulnerabilities (2022-01-19)
Red Hat
qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (2018-07-30)
Debian
CVE-2018-19869: qtsvg-opensource-src - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segm... (2018)

💬 Community

5
Bugzilla
CVE-2018-19869 qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service [fedora-all] (2018-12-21)
Bugzilla
CVE-2018-19869 qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (2018-12-21)
Bugzilla
CVE-2018-19869 qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service [epel-6] (2018-12-21)
Bugzilla
CVE-2018-19869 mingw-qt5-qtsvg: qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service [epel-7] (2018-12-21)
Bugzilla
CVE-2018-19869 mingw-qt5-qtsvg: qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service [fedora-all] (2018-12-21)