Bug 1764742 (CVE-2019-18281)

Summary: CVE-2019-18281 qt5-qtbase: Out-of-bounds access in generateDirectionalRuns() function in qtextengine.cpp
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: erik-fedora, jgrulich, jreznik, kde-sig, manisandro, rdieter, than
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: qt5-qtbase v-5.12.5 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-25 22:12:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1764743, 1764744, 1764745, 1764746, 1790901    
Bug Blocks: 1764747    

Description Pedro Sampaio 2019-10-23 17:17:50 UTC
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.

Upstream patch:

https://codereview.qt-project.org/c/qt/qtbase/+/271889

Comment 1 Pedro Sampaio 2019-10-23 17:18:21 UTC
Created mingw-qt5-qtbase tracking bugs for this issue:

Affects: epel-7 [bug 1764746]
Affects: fedora-all [bug 1764745]


Created qt5-qtbase tracking bugs for this issue:

Affects: epel-6 [bug 1764744]
Affects: fedora-all [bug 1764743]

Comment 2 Marco Benatto 2020-01-14 13:57:41 UTC
Statement:

Red Hat Enterprise Linux 7 is not affected by this issue as qt5-base version as shipped with it doesn't have the code which contains the bug.