An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html
codereview.qt-project.org/c/qt/qtbase/+/308436
codereview.qt-project.org/c/qt/qtbase/+/308495
codereview.qt-project.org/c/qt/qtbase/+/308496
lists.debian.org/debian-lts-announce/2020/09/msg00023.html
lists.debian.org/debian-lts-announce/2020/09/msg00024.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
security.gentoo.org/glsa/202009-04