Fluid Attacks Database

Description

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	qtbase-opensource-src-gles	>=0 <5.12.5+dfsg-1	5.12.5+dfsg-1
debian 14	qtbase-opensource-src-gles	>=0 <5.12.5+dfsg-1	5.12.5+dfsg-1
debian 12	qtbase-opensource-src	>=0 <5.12.5+dfsg-2	5.12.5+dfsg-2
debian 14	qtbase-opensource-src	>=0 <5.12.5+dfsg-2	5.12.5+dfsg-2
debian 11	qtbase-opensource-src-gles	>=0 <5.12.5+dfsg-1	5.12.5+dfsg-1
debian 12	qtbase-opensource-src-gles	>=0 <5.12.5+dfsg-1	5.12.5+dfsg-1
debian 13	qtbase-opensource-src	>=0 <5.12.5+dfsg-2	5.12.5+dfsg-2
debian 11	qtbase-opensource-src	>=0 <5.12.5+dfsg-2	5.12.5+dfsg-2
rpm rhel8	qt5-qtcanvas3d	<0:5.12.5-1.el8	0:5.12.5-1.el8
rpm rhel8	qt5-qtimageformats	<0:5.12.5-1.el8	0:5.12.5-1.el8

1-10 of 36

Aliases

1. CVE-2019-182812. NVD-2019-182813. OSV-DEBIAN-2019-182814. OSV-2019-182815. SECURITY-TRACKER-CVE-2019-18281

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.