Improper Input Validation Affecting qt-mysql package, versions <1:4.8.7-9.el7_9
Threat Intelligence
EPSS
0.32% (71st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL7-QTMYSQL-1531300
- published 26 Jul 2021
- disclosed 12 Aug 2020
How to fix?
Upgrade RHEL:7 qt-mysql to version 1:4.8.7-9.el7_9 or higher.
This issue was patched in RHSA-2020:5021.
NVD Description
Note: Versions mentioned in the description apply only to the upstream qt-mysql package and not the qt-mysql package as distributed by RHEL.
See How to fix? for RHEL:7 relevant fixed versions and status.
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
References
- https://access.redhat.com/security/cve/CVE-2020-17507
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
- https://security.gentoo.org/glsa/202009-04
- https://codereview.qt-project.org/c/qt/qtbase/+/308436
- https://codereview.qt-project.org/c/qt/qtbase/+/308495
- https://codereview.qt-project.org/c/qt/qtbase/+/308496
- https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html
- https://access.redhat.com/errata/RHSA-2020:5021
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
CVSS Scores
version 3.1