Lucene search

K

Veracode Vulnerability DatabaseVERACODE:26489

HistoryAug 25, 2020 - 4:14 a.m.

Arbitrary Code Execution

2020-08-2504:14:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

qt5-qtbase is vulnerable to arbitrary code execution. The vulnerability exists through a buffer over-read read_xbm_body in gui/image/qxbmhandler.cpp which allows an attacker to inject and execute arbitrary codes into the system.

CPENameOperatorVersion
qt5-qtbase:3.12eq5.14.2-r0
qteq4.8.7__3.el7_6
qteq4.8.7__8.el7
qt5-qtbaseeq5.11.1__7.el8
qt5-qtbaseeq5.11.1__5.el8
qt5-qtbaseeq5.9.7__2.el7
qt5-qtbaseeq5.9.7__4.el7
qt5-qtbaseeq5.12.5__4.el8
qt5-qtbase:edgeeq5.14.1-r5
qt5-qtbase:edgeeq5.14.1-r2

Rows per page:

1-10 of 281

References

lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html

codereview.qt-project.org/c/qt/qtbase/+/308436

codereview.qt-project.org/c/qt/qtbase/+/308495

codereview.qt-project.org/c/qt/qtbase/+/308496

lists.debian.org/debian-lts-announce/2020/09/msg00023.html

lists.debian.org/debian-lts-announce/2020/09/msg00024.html

lists.fedoraproject.org/archives/list/[email protected]/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/

lists.fedoraproject.org/archives/list/[email protected]/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/

security.gentoo.org/glsa/202009-04

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:26489

nessus36 cbl_mariner2 gentoo1 openvas23 centos1 amazon1 suse7 fedora2 alpinelinux1 oraclelinux2 f51 cve1 almalinux1 redhat2 altlinux1 ubuntucve1 debiancve1 redhatcve1 mageia2 prion1 osv5 ubuntu1 debian2 rosalinux1