Security advisory: Recently reported zlib compression issue impacts Qt

2022-04-05 00:00:00
Andy Shaw
www.qt.io
EPSS: 0.003 (Low), percentile 68.4%

zlib has recently reported a security issue in its deflate code that could cause memory corruption if the input has many distant matches. This is reported in a bit more detail here: <https://github.com/madler/zlib/issues/605> and has been assigned the CVE ID CVE-2018-25032. This has been fixed in an update to zlib 1.2.12.

This affects some aspects of Qt, particularly when compressing ODF files (via QTextDocumentWriter), compressing PNG files when they are saved and also when qCompress() is used.

Solution: Apply the following patch or update to Qt 5.15.9, Qt 6.2.5, or Qt 6.3.0.

Patches:

dev: <https://codereview.qt-project.org/c/qt/qtbase/+/403020>
6.3: <https://codereview.qt-project.org/c/qt/qtbase/+/403623> or <https://download.qt.io/official_releases/qt/6.3/CVE-2018-25032-qtbase-6.3.diff>
6.2: <https://codereview.qt-project.org/c/qt/qtbase/+/403625> or <https://download.qt.io/official_releases/qt/6.2/CVE-2018-25032-qtbase-6.2.diff>
5.15: <https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/403628> or <https://download.qt.io/official_releases/qt/5.15/CVE-2018-25032-qtbase-5.15.diff>
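
A triage check over a build inventory, using the fixed Qt and zlib versions named above. This is an added example, not part of the Qt advisory or Qt's code. It assumes the inventory records whether each build links a system zlib or uses the zlib copy shipped in qtbase, and that branches newer than 6.3 carry the dev patch; the host names and inventory are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release branch.
QT_FIXED = {(5, 15): (5, 15, 9), (6, 2): (6, 2, 5), (6, 3): (6, 3, 0)}
ZLIB_FIXED = (1, 2, 12)  # zlib release containing the fix


def parse_version(text):
    """Leading dotted-numeric part of a version string, as a 3-tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


def triage(qt_version, system_zlib=None):
    """Return 'fixed', 'affected' or 'unlisted' for one Qt build.

    system_zlib is the version of the zlib the build links to, or None when
    the build uses the zlib copy inside qtbase (assumption: the inventory
    records which case applies).
    """
    if system_zlib is not None:
        # Qt only calls into the external zlib here, so its version decides.
        return "fixed" if parse_version(system_zlib) >= ZLIB_FIXED else "affected"
    qt = parse_version(qt_version)
    fixed = QT_FIXED.get(qt[:2])
    if fixed is not None:
        return "fixed" if qt >= fixed else "affected"
    # Assumption: branches newer than every listed one include the dev patch.
    if qt[:2] > max(QT_FIXED):
        return "fixed"
    return "unlisted"  # no fixed release listed for this branch: apply the patch


# Constructed sample inventory: (host, Qt version, system zlib or None).
INVENTORY = [
    ("build-01", "5.15.2", None),
    ("build-02", "6.2.5", None),
    ("kiosk-07", "5.15.2", "1.2.11"),
    ("kiosk-08", "5.12.8", "1.2.12"),
    ("dev-03", "6.1.3", None),
]


def report(inventory=INVENTORY):
    return {host: triage(qt, z) for host, qt, z in inventory}
```

A build reported as `unlisted` is on a branch for which the advisory names no fixed release, so it needs the patch applied or a move to one of the fixed releases.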