Vulnerability Details CVE-2018-19873
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.134
EPSS Ranking 93.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
- https://access.redhat.com/errata/RHSA-2019:2135
- https://access.redhat.com/errata/RHSA-2019:3390
- https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- https://codereview.qt-project.org/#/c/238749/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
- https://usn.ubuntu.com/4003-1/
- https://www.debian.org/security/2019/dsa-4374
- http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
- https://access.redhat.com/errata/RHSA-2019:2135
- https://access.redhat.com/errata/RHSA-2019:3390
- https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- https://codereview.qt-project.org/#/c/238749/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
- https://usn.ubuntu.com/4003-1/
- https://www.debian.org/security/2019/dsa-4374
Products affected by CVE-2018-19873
-
cpe:2.3:a:qt:qt:1.41
-
cpe:2.3:a:qt:qt:1.42
-
cpe:2.3:a:qt:qt:1.43
-
cpe:2.3:a:qt:qt:1.44
-
cpe:2.3:a:qt:qt:1.45
-
cpe:2.3:a:qt:qt:2.0.0
-
cpe:2.3:a:qt:qt:2.0.1
-
cpe:2.3:a:qt:qt:2.0.2
-
cpe:2.3:a:qt:qt:2.00
-
cpe:2.3:a:qt:qt:2.1.0
-
cpe:2.3:a:qt:qt:2.1.1
-
cpe:2.3:a:qt:qt:2.2.0
-
cpe:2.3:a:qt:qt:2.2.1
-
cpe:2.3:a:qt:qt:2.2.2
-
cpe:2.3:a:qt:qt:2.2.3
-
cpe:2.3:a:qt:qt:2.2.4
-
cpe:2.3:a:qt:qt:2.3.0
-
cpe:2.3:a:qt:qt:2.3.1
-
cpe:2.3:a:qt:qt:2.3.10
-
cpe:2.3:a:qt:qt:2.3.2
-
cpe:2.3:a:qt:qt:2.3.4
-
cpe:2.3:a:qt:qt:2.3.5
-
cpe:2.3:a:qt:qt:2.3.6
-
cpe:2.3:a:qt:qt:2.3.7
-
cpe:2.3:a:qt:qt:2.3.8
-
cpe:2.3:a:qt:qt:3.0.0
-
cpe:2.3:a:qt:qt:3.0.1
-
cpe:2.3:a:qt:qt:3.0.2
-
cpe:2.3:a:qt:qt:3.0.3
-
cpe:2.3:a:qt:qt:3.0.4
-
cpe:2.3:a:qt:qt:3.0.5
-
cpe:2.3:a:qt:qt:3.0.6
-
cpe:2.3:a:qt:qt:3.0.7
-
cpe:2.3:a:qt:qt:3.1.0
-
cpe:2.3:a:qt:qt:3.1.1
-
cpe:2.3:a:qt:qt:3.1.2
-
cpe:2.3:a:qt:qt:3.2.0
-
cpe:2.3:a:qt:qt:3.2.1
-
cpe:2.3:a:qt:qt:3.2.2
-
cpe:2.3:a:qt:qt:3.2.3
-
cpe:2.3:a:qt:qt:3.3.0
-
cpe:2.3:a:qt:qt:3.3.1
-
cpe:2.3:a:qt:qt:3.3.2
-
cpe:2.3:a:qt:qt:3.3.3
-
cpe:2.3:a:qt:qt:3.3.4
-
cpe:2.3:a:qt:qt:3.3.5
-
cpe:2.3:a:qt:qt:3.3.6
-
cpe:2.3:a:qt:qt:3.3.7
-
cpe:2.3:a:qt:qt:3.3.8
-
cpe:2.3:a:qt:qt:3.3.8b
-
cpe:2.3:a:qt:qt:4.0.0
-
cpe:2.3:a:qt:qt:4.0.1
-
cpe:2.3:a:qt:qt:4.1.0
-
cpe:2.3:a:qt:qt:4.1.1
-
cpe:2.3:a:qt:qt:4.1.2
-
cpe:2.3:a:qt:qt:4.1.3
-
cpe:2.3:a:qt:qt:4.1.4
-
cpe:2.3:a:qt:qt:4.1.5
-
cpe:2.3:a:qt:qt:4.2.0
-
cpe:2.3:a:qt:qt:4.2.1
-
cpe:2.3:a:qt:qt:4.2.2
-
cpe:2.3:a:qt:qt:4.2.3
-
cpe:2.3:a:qt:qt:4.3.0
-
cpe:2.3:a:qt:qt:4.3.1
-
cpe:2.3:a:qt:qt:4.3.2
-
cpe:2.3:a:qt:qt:4.3.3
-
cpe:2.3:a:qt:qt:4.3.4
-
cpe:2.3:a:qt:qt:4.3.5
-
cpe:2.3:a:qt:qt:4.4.0
-
cpe:2.3:a:qt:qt:4.4.1
-
cpe:2.3:a:qt:qt:4.4.2
-
cpe:2.3:a:qt:qt:4.4.3
-
cpe:2.3:a:qt:qt:4.5.0
-
cpe:2.3:a:qt:qt:4.5.1
-
cpe:2.3:a:qt:qt:4.5.2
-
cpe:2.3:a:qt:qt:4.5.3
-
cpe:2.3:a:qt:qt:4.6.0
-
cpe:2.3:a:qt:qt:4.6.1
-
cpe:2.3:a:qt:qt:4.6.2
-
cpe:2.3:a:qt:qt:4.6.3
-
cpe:2.3:a:qt:qt:4.6.4
-
cpe:2.3:a:qt:qt:4.6.5
-
cpe:2.3:a:qt:qt:4.7.0
-
cpe:2.3:a:qt:qt:4.7.1
-
cpe:2.3:a:qt:qt:4.7.2
-
cpe:2.3:a:qt:qt:4.7.3
-
cpe:2.3:a:qt:qt:4.7.4
-
cpe:2.3:a:qt:qt:4.7.5
-
cpe:2.3:a:qt:qt:4.7.6
-
cpe:2.3:a:qt:qt:4.8.0
-
cpe:2.3:a:qt:qt:4.8.1
-
cpe:2.3:a:qt:qt:4.8.2
-
cpe:2.3:a:qt:qt:4.8.3
-
cpe:2.3:a:qt:qt:4.8.4
-
cpe:2.3:a:qt:qt:4.8.5
-
cpe:2.3:a:qt:qt:4.8.6
-
cpe:2.3:a:qt:qt:4.8.7
-
cpe:2.3:a:qt:qt:5.0.0
-
cpe:2.3:a:qt:qt:5.0.1
-
cpe:2.3:a:qt:qt:5.0.2
-
cpe:2.3:a:qt:qt:5.1.0
-
cpe:2.3:a:qt:qt:5.1.1
-
cpe:2.3:a:qt:qt:5.10.0
-
cpe:2.3:a:qt:qt:5.10.1
-
cpe:2.3:a:qt:qt:5.11.0
-
cpe:2.3:a:qt:qt:5.11.1
-
cpe:2.3:a:qt:qt:5.11.2
-
cpe:2.3:a:qt:qt:5.2.0
-
cpe:2.3:a:qt:qt:5.2.1
-
cpe:2.3:a:qt:qt:5.3.0
-
cpe:2.3:a:qt:qt:5.3.1
-
cpe:2.3:a:qt:qt:5.3.2
-
cpe:2.3:a:qt:qt:5.4.0
-
cpe:2.3:a:qt:qt:5.4.1
-
cpe:2.3:a:qt:qt:5.4.2
-
cpe:2.3:a:qt:qt:5.5.0
-
cpe:2.3:a:qt:qt:5.5.1
-
cpe:2.3:a:qt:qt:5.7.0
-
cpe:2.3:a:qt:qt:5.7.1
-
cpe:2.3:a:qt:qt:5.8.0
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:opensuse:backports:sle-15
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2
-
cpe:2.3:o:opensuse:leap:42.3