An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
Upstream patch:
https://codereview.qt-project.org/c/qt/qtbase/+/271889
Created mingw-qt5-qtbase tracking bugs for this issue:
Affects: epel-7 [bug 1764746]
Affects: fedora-all [bug 1764745]
Created qt5-qtbase tracking bugs for this issue:
Affects: epel-6 [bug 1764744]
Affects: fedora-all [bug 1764743]
Statement:
Red Hat Enterprise Linux 7 is not affected by this issue as qt5-base version as shipped with it doesn't have the code which contains the bug.