Package        : qtbase-opensource-src
Version        : 5.3.2+dfsg-4+deb8u3
CVE ID         : CVE-2018-15518 CVE-2018-19870 CVE-2018-19873

Multiple issues were fixed in Qt.

CVE-2018-15518
A double-free or corruption during parsing of a specially crafted 
illegal XML document.

CVE-2018-19870
A malformed GIF image might have caused a NULL pointer dereference in 
QGifHandler resulting in a segmentation fault.

CVE-2018-19873
QBmpHandler had a buffer overflow via BMP data.

For Debian 8 "Jessie", these problems have been fixed in version
5.3.2+dfsg-4+deb8u3.

We recommend that you upgrade your qtbase-opensource-src packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-1627-1: qtbase-opensource-src security update

January 3, 2019
Multiple issues were fixed in Qt

Summary

CVE-2018-19870
A malformed GIF image might have caused a NULL pointer dereference in
QGifHandler resulting in a segmentation fault.

CVE-2018-19873
QBmpHandler had a buffer overflow via BMP data.

For Debian 8 "Jessie", these problems have been fixed in version
5.3.2+dfsg-4+deb8u3.

We recommend that you upgrade your qtbase-opensource-src packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
Package : qtbase-opensource-src
Version : 5.3.2+dfsg-4+deb8u3
CVE ID : CVE-2018-15518 CVE-2018-19870 CVE-2018-19873

Related News

34.Key AbstractDigital Esm H170
2 - 4 min read
Security threats continue developing rapidly, with attackers finding new vulnerabilities daily. Recent findings from researchers at Uptycs indicate
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
1.Penguin Landscape Esm H170
2 - 3 min read
On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity,
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
11.Locks IsometricPattern Esm H170
2 - 4 min read
Linux Mint is a user-friendly GNU/Linux desktop distribution built upon Ubuntu and Debian for maximum reliability while offering an aesthetically
32.Lock Code Circular Esm H170
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
27.Tablet Connections Blocks Lock Esm H170
2 - 4 min read
Debian recently unveiled a significant update to its stable distribution, Debian 12.6 (codename "bookworm"). While not an entirely new release, this
8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved