CVE-2018-19872

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html	Mailing List Third Party Advisory
https://bugreports.qt.io/browse/QTBUG-69449	Exploit Issue Tracking Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/
https://usn.ubuntu.com/4275-1/

Configurations

Configuration 1 (hide)

cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:28:::::::*
	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

History

07 Nov 2023, 02:55

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/', 'name': 'FEDORA-2019-b5e690b96e', 'tags': ['Mailing List', 'Release Notes', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/', 'name': 'FEDORA-2019-03ac7f1d2f', 'tags': ['Mailing List', 'Release Notes', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/', 'name': 'FEDORA-2019-ae913a2f00', 'tags': ['Mailing List', 'Release Notes', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/ -

Information

Published : 2019-03-21 16:00

Updated : 2023-12-10 12:59

NVD link : CVE-2018-19872

Mitre link : CVE-2018-19872

CVE.ORG link : CVE-2018-19872

JSON object : View

Products Affected

opensuse

leap

fedoraproject

fedora

CWE

CWE-369

Divide By Zero

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2018-19872

5.5^/10

4.3^/10

Attach tags to `CVE-2018-19872`