CVE-2018-19869 : An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segm

An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.

Published 2018-12-26 21:29:02

Updated 2020-11-02 21:15:14

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionInput validation

Products affected by CVE-2018-19869

QT » QT
Versions before (<) 5.11.3
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-19869

EPSS FAQ

0.91%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-19869

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-19869

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-19869

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html

[security-announce] openSUSE-SU-2020:1452-1: moderate: Security update f

CVEs referencing this url
https://codereview.qt-project.org/#/c/234142/

Issue Tracking;Patch;Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html

[security-announce] openSUSE-SU-2019:1116-1: moderate: Security update f
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2135

RHSA-2019:2135 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html

[SECURITY] [DLA 1786-1] qt4-x11 security update

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html

[security-announce] openSUSE-SU-2020:1501-1: moderate: Security update f

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html

[security-announce] openSUSE-SU-2020:1530-1: moderate: Security update f

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html

[SECURITY] [DLA 2377-1] qt4-x11 security update

CVEs referencing this url
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

Qt 5.11.3 Released with Important Security Updates - Qt Blog
Release Notes;Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html

[security-announce] openSUSE-SU-2020:1500-1: moderate: Security update f

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html

[SECURITY] [DLA 2422-1] qtsvg-opensource-src security update

Jump to

Vulnerability Details : CVE-2018-19869

Products affected by CVE-2018-19869

Exploit prediction scoring system (EPSS) score for CVE-2018-19869

CVSS scores for CVE-2018-19869

CWE ids for CVE-2018-19869

References for CVE-2018-19869