CVE-2020-17507 — Out-of-bounds Read in QT

CWE-125 — Out-of-bounds Read12 documents8 sources

Severity

5.3MEDIUMNVD

OSV7.5

EPSS

2.6%

top 14.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

QT Debian Qtbase-opensource-src Debian Linux +7 more

Timeline

PublishedAug 12

Latest updateMar 5

Description

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages8 packages

▶NVDqt/qt5.13.0 — 5.15.1+1

▶debiandebian/qtbase-opensource-src< qtbase-opensource-src 5.14.2+dfsg-6 (bookworm)

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

▶msrcmsrc/cbl_mariner_2.0_arm

Also affects: Debian Linux 9.0, Fedora 31, 32

Patches

Patch: codereview.qt-project.org ↗Patch: codereview.qt-project.org ↗Patch: codereview.qt-project.org ↗

🔴Vulnerability Details

OSV

qtbase-opensource-src vulnerabilities↗2026-03-05

▶

GHSA

GHSA-jq9v-w227-79gp: An issue was discovered in Qt through 5↗2022-05-24

▶

OSV

qtbase-opensource-src vulnerabilities↗2021-09-16

▶

OSV

CVE-2020-17507: An issue was discovered in Qt through 5↗2020-08-12

▶

📋Vendor Advisories

Ubuntu

Qt vulnerabilities↗2026-03-05

▶

Ubuntu

Qt vulnerabilities↗2021-09-16

▶

Red Hat

qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp↗2020-08-12

▶

Microsoft

An issue was discovered in Qt through 5.12.9 and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.↗2020-08-11

▶

Debian

CVE-2020-17507: qtbase-opensource-src - An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5...↗2020

▶

💬Community

Bugzilla

CVE-2020-17507 qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp↗2020-08-13

▶

Bugzilla

CVE-2020-17507 qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp [fedora-all]↗2020-08-13

▶