
Mageia 9: 2025-0046 moderate: qtbase5 & qtbase6 Buffer Overflow Advisory

Mageia, February 9, 2025
The latest qtbase5 and qtbase6 updates rectify security vulnerabilities in Mageia. Announcement made on 09 February 2025.

Summary

- network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. (CVE-2023-51714)

- A buffer overflow and application crash can occur via a crafted KTX image file. (CVE-2024-25580)

- Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed. (CVE-2024-39936)

References

- https://bugs.mageia.org/show_bug.cgi?id=33159

- https://lwn.net/Articles/971686/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVCBTKX6LVBTP6UEJQZ2PENI2KATSRJK/

- https://www.cve.org/CVERecord?id=CVE-2023-51714

- https://www.cve.org/CVERecord?id=CVE-2024-25580

- https://www.cve.org/CVERecord?id=CVE-2024-39936

Resolution

SRPMS

- 9/core/qtbase5-5.15.7-6.1.mga9

- 9/core/qtbase6-6.4.1-5.1.mga9

Publication date: 09 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0046.html
Type: security
CVE: CVE-2023-51714, CVE-2024-25580, CVE-2024-39936
