Vulnerability-Lookup

CVE-2020-17507 (GCVE-0-2020-17507)

Vulnerability from cvelistv5 – Published: 2020-08-12 17:35 – Updated: 2024-08-04 14:00

Summary

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://codereview.qt-project.org/c/qt/qtbase/+/308436	x_refsource_MISC
	https://codereview.qt-project.org/c/qt/qtbase/+/308495	x_refsource_MISC
	https://codereview.qt-project.org/c/qt/qtbase/+/308496	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202009-04	vendor-advisoryx_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:00:47.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496"
          },
          {
            "name": "FEDORA-2020-b8091188d0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"
          },
          {
            "name": "FEDORA-2020-8dd86f1b3f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"
          },
          {
            "name": "GLSA-202009-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202009-04"
          },
          {
            "name": "openSUSE-SU-2020:1452",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"
          },
          {
            "name": "openSUSE-SU-2020:1500",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"
          },
          {
            "name": "openSUSE-SU-2020:1501",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2020:1530",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"
          },
          {
            "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2020:1564",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"
          },
          {
            "name": "openSUSE-SU-2020:1568",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-28T23:06:08.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496"
        },
        {
          "name": "FEDORA-2020-b8091188d0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"
        },
        {
          "name": "FEDORA-2020-8dd86f1b3f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"
        },
        {
          "name": "GLSA-202009-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202009-04"
        },
        {
          "name": "openSUSE-SU-2020:1452",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"
        },
        {
          "name": "openSUSE-SU-2020:1500",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"
        },
        {
          "name": "openSUSE-SU-2020:1501",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"
        },
        {
          "name": "openSUSE-SU-2020:1530",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"
        },
        {
          "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
        },
        {
          "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2020:1564",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"
        },
        {
          "name": "openSUSE-SU-2020:1568",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
              "refsource": "MISC",
              "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436"
            },
            {
              "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
              "refsource": "MISC",
              "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495"
            },
            {
              "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
              "refsource": "MISC",
              "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496"
            },
            {
              "name": "FEDORA-2020-b8091188d0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"
            },
            {
              "name": "FEDORA-2020-8dd86f1b3f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"
            },
            {
              "name": "GLSA-202009-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202009-04"
            },
            {
              "name": "openSUSE-SU-2020:1452",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"
            },
            {
              "name": "openSUSE-SU-2020:1500",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"
            },
            {
              "name": "openSUSE-SU-2020:1501",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2020:1530",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"
            },
            {
              "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
            },
            {
              "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2020:1564",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"
            },
            {
              "name": "openSUSE-SU-2020:1568",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-17507",
    "datePublished": "2020-08-12T17:35:20.000Z",
    "dateReserved": "2020-08-12T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:00:47.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-17507

Vulnerability from fstec - Published: 15.08.2020

Title

Уязвимость функции read_xbm_body кроссплатформенной IDE Qt, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции read_xbm_body кроссплатформенной IDE Qt связана с чтением за допустимыми границами буфера данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», The Qt Company, Kramer Electronics Ltd., АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Qt, Kramer VIA, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 5.12.9 включительно (Qt), от 5.13.0 до 5.15.1 (Qt), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 4.0.1.1328 (Kramer VIA), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Qt: https://codereview.qt-project.org/c/qt/qtbase/+/308495 Для Debian: https://security-tracker.debian.org/tracker/CVE-2020-17507 Для Astra Linux: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 Компенсирующие меры для Kramer VIA: - использование антивирусных средств защиты; - мониторинг действий пользователей; - запуск приложений от имени пользователя с минимальными возможными привилегиями в операционной системе; - применение систем обнаружения и предотвращения вторжений. Для ОС ОН «Стрелец»: Обновление программного обеспечения qt4-x11 до версии 4:4.8.7+dfsg.repack-11+deb9u1.osnova1 Обновление программного обеспечения qtbase-opensource-src до версии 5.7.1+dfsg.repack-3+deb9u3.osnova6

Reference

https://codereview.qt-project.org/c/qt/qtbase/+/308436 https://codereview.qt-project.org/c/qt/qtbase/+/308495 https://codereview.qt-project.org/c/qt/qtbase/+/308496 https://nvd.nist.gov/vuln/detail/CVE-2020-17507 https://security-tracker.debian.org/tracker/CVE-2020-17507 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, The Qt Company, Kramer Electronics Ltd., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 5.12.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Qt), \u043e\u0442 5.13.0 \u0434\u043e 5.15.1 (Qt), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 4.0.1.1328 (Kramer VIA), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Qt:\nhttps://codereview.qt-project.org/c/qt/qtbase/+/308495\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2020-17507\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b \u0434\u043b\u044f Kramer VIA:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b;\n- \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qt4-x11 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4:4.8.7+dfsg.repack-11+deb9u1.osnova1\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qtbase-opensource-src \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.7.1+dfsg.repack-3+deb9u3.osnova6",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.08.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.07.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03630",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-17507",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Qt, Kramer VIA, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 read_xbm_body \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 IDE Qt, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 read_xbm_body \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 IDE Qt \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://codereview.qt-project.org/c/qt/qtbase/+/308436\nhttps://codereview.qt-project.org/c/qt/qtbase/+/308495\nhttps://codereview.qt-project.org/c/qt/qtbase/+/308496\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-17507\nhttps://security-tracker.debian.org/tracker/CVE-2020-17507\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

GHSA-JQ9V-W227-79GP

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-12-03 15:30

Details

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-17507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-12T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
  "id": "GHSA-jq9v-w227-79gp",
  "modified": "2022-12-03T15:30:26Z",
  "published": "2022-05-24T17:25:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17507"
    },
    {
      "type": "WEB",
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436"
    },
    {
      "type": "WEB",
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495"
    },
    {
      "type": "WEB",
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202009-04"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2020-47311

Vulnerability from cnvd - Published: 2020-08-20

Title

Digia Qt缓冲区溢出漏洞（CNVD-2020-47311）

Description

Digia Qt是芬兰Digia公司的一套跨平台的C++应用程序开发框架。该框架可用于开发GUI程序。 Digia Qt 5.12.9及之前版本和5.13.x版本至5.15.x版本（5.15.1版本已修复）中的gui/image/qxbmhandler.cpp文件的read_xbm_body存在缓冲区溢出漏洞。攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

Digia Qt缓冲区溢出漏洞（CNVD-2020-47311）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.qt.io/

Reference

https://codereview.qt-project.org/c/qt/qtbase/+/308436

Impacted products

Name
['Digia Qt <=5.12.9', 'Digia Qt >=5.13.*，<=5.15.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-17507",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-17507"
    }
  },
  "description": "Digia Qt\u662f\u82ac\u5170Digia\u516c\u53f8\u7684\u4e00\u5957\u8de8\u5e73\u53f0\u7684C++\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u6846\u67b6\u3002\u8be5\u6846\u67b6\u53ef\u7528\u4e8e\u5f00\u53d1GUI\u7a0b\u5e8f\u3002\n\nDigia Qt 5.12.9\u53ca\u4e4b\u524d\u7248\u672c\u548c5.13.x\u7248\u672c\u81f35.15.x\u7248\u672c\uff085.15.1\u7248\u672c\u5df2\u4fee\u590d\uff09\u4e2d\u7684gui/image/qxbmhandler.cpp\u6587\u4ef6\u7684read_xbm_body\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.qt.io/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-47311",
  "openTime": "2020-08-20",
  "patchDescription": "Digia Qt\u662f\u82ac\u5170Digia\u516c\u53f8\u7684\u4e00\u5957\u8de8\u5e73\u53f0\u7684C++\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u6846\u67b6\u3002\u8be5\u6846\u67b6\u53ef\u7528\u4e8e\u5f00\u53d1GUI\u7a0b\u5e8f\u3002\r\n\r\nDigia Qt 5.12.9\u53ca\u4e4b\u524d\u7248\u672c\u548c5.13.x\u7248\u672c\u81f35.15.x\u7248\u672c\uff085.15.1\u7248\u672c\u5df2\u4fee\u590d\uff09\u4e2d\u7684gui/image/qxbmhandler.cpp\u6587\u4ef6\u7684read_xbm_body\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Digia Qt\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-47311\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Digia Qt \u003c=5.12.9",
      "Digia Qt \u003e=5.13.*\uff0c\u003c=5.15.1"
    ]
  },
  "referenceLink": "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
  "serverity": "\u9ad8",
  "submitTime": "2020-08-14",
  "title": "Digia Qt\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-47311\uff09"
}

GSD-2020-17507

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

Aliases

CVE-2020-17507

Aliases

CVE-2020-17507

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-17507",
    "description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
    "id": "GSD-2020-17507",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-17507.html",
      "https://access.redhat.com/errata/RHSA-2021:1756",
      "https://access.redhat.com/errata/RHSA-2020:5021",
      "https://ubuntu.com/security/CVE-2020-17507",
      "https://advisories.mageia.org/CVE-2020-17507.html",
      "https://linux.oracle.com/cve/CVE-2020-17507.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-17507"
      ],
      "details": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
      "id": "GSD-2020-17507",
      "modified": "2023-12-13T01:21:50.200550Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-17507",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
            "refsource": "MISC",
            "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436"
          },
          {
            "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
            "refsource": "MISC",
            "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495"
          },
          {
            "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
            "refsource": "MISC",
            "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496"
          },
          {
            "name": "FEDORA-2020-b8091188d0",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"
          },
          {
            "name": "FEDORA-2020-8dd86f1b3f",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"
          },
          {
            "name": "GLSA-202009-04",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202009-04"
          },
          {
            "name": "openSUSE-SU-2020:1452",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"
          },
          {
            "name": "openSUSE-SU-2020:1500",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"
          },
          {
            "name": "openSUSE-SU-2020:1501",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2020:1530",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"
          },
          {
            "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2020:1564",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"
          },
          {
            "name": "openSUSE-SU-2020:1568",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.15.1",
                "versionStartIncluding": "5.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.12.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17507"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495"
            },
            {
              "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496"
            },
            {
              "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436"
            },
            {
              "name": "FEDORA-2020-b8091188d0",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"
            },
            {
              "name": "FEDORA-2020-8dd86f1b3f",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"
            },
            {
              "name": "GLSA-202009-04",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202009-04"
            },
            {
              "name": "openSUSE-SU-2020:1452",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"
            },
            {
              "name": "openSUSE-SU-2020:1500",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"
            },
            {
              "name": "openSUSE-SU-2020:1501",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2020:1530",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"
            },
            {
              "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
            },
            {
              "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2020:1564",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"
            },
            {
              "name": "openSUSE-SU-2020:1568",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-12-03T15:13Z",
      "publishedDate": "2020-08-12T18:15Z"
    }
  }
}

FKIE_CVE-2020-17507

Vulnerability from fkie_nvd - Published: 2020-08-12 18:15 - Updated: 2024-11-21 05:08

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html	Broken Link
cve@mitre.org	https://codereview.qt-project.org/c/qt/qtbase/+/308436	Mailing List, Patch, Vendor Advisory
cve@mitre.org	https://codereview.qt-project.org/c/qt/qtbase/+/308495	Mailing List, Patch, Vendor Advisory
cve@mitre.org	https://codereview.qt-project.org/c/qt/qtbase/+/308496	Mailing List, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
cve@mitre.org	https://security.gentoo.org/glsa/202009-04	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://codereview.qt-project.org/c/qt/qtbase/+/308436	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://codereview.qt-project.org/c/qt/qtbase/+/308495	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://codereview.qt-project.org/c/qt/qtbase/+/308496	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202009-04	Third Party Advisory

Impacted products

Vendor	Product	Version
qt	qt	*
qt	qt	*
debian	debian_linux	9.0
fedoraproject	fedora	31
fedoraproject	fedora	32

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C737E0-DF07-47D9-AF8B-664A3857246A",
              "versionEndIncluding": "5.12.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AE6A48D-B484-4F13-861F-EFDB09D2A0FB",
              "versionEndExcluding": "5.15.1",
              "versionStartIncluding": "5.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Qt versiones hasta 5.12.9 y versiones 5.13.x hasta 5.15.x anteriores a 5.15.1. La funci\u00f3n read_xbm_body en el archivo gui/image/qxbmhandler.cpp presenta una lectura excesiva del b\u00fafer"
    }
  ],
  "id": "CVE-2020-17507",
  "lastModified": "2024-11-21T05:08:15.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-12T18:15:17.637",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202009-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202009-04"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-17507

Vulnerability from osv_almalinux

Published

2021-05-18 06:01

Modified

2021-08-11 08:54

Summary

Moderate: qt5-qtbase security and bug fix update

Details

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

Security Fix(es):

qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp (CVE-2020-17507)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "qt5-qtbase-static"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.12.5-8.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. \n\nSecurity Fix(es):\n\n* qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp (CVE-2020-17507)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2021:1756",
  "modified": "2021-08-11T08:54:00Z",
  "published": "2021-05-18T06:01:21Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-17507"
    }
  ],
  "related": [
    "CVE-2020-17507"
  ],
  "summary": "Moderate: qt5-qtbase security and bug fix update"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-17507 (GCVE-0-2020-17507)

CVE-2020-17507

GHSA-JQ9V-W227-79GP

CNVD-2020-47311

GSD-2020-17507

FKIE_CVE-2020-17507

CVE-2020-17507

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature