Out-of-Bounds Affecting qt-mysql package, versions <1:4.8.7-8.el7
Threat Intelligence
EPSS: 0.71% (81st percentile)
- Snyk ID SNYK-RHEL7-QTMYSQL-1524678
- published 26 Jul 2021
- disclosed 6 Dec 2018
Introduced: 6 Dec 2018
CVE-2018-19873
How to fix?
Upgrade RHEL:7 qt-mysql to version 1:4.8.7-8.el7 or higher.
This issue was patched in RHSA-2020:1172.
NVD Description
Note: Versions mentioned in the description apply only to the upstream qt-mysql package and not the qt-mysql package as distributed by RHEL.
See How to fix? for RHEL:7 relevant fixed versions and status.
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
References
- https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
- https://codereview.qt-project.org/#/c/238749/
- https://access.redhat.com/security/cve/CVE-2018-19873
- https://www.debian.org/security/2019/dsa-4374
- https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
- https://access.redhat.com/errata/RHSA-2020:1172
- http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
- https://usn.ubuntu.com/4003-1/