An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. Upstream patch: https://codereview.qt-project.org/c/qt/qtbase/+/271889
Created mingw-qt5-qtbase tracking bugs for this issue: Affects: epel-7 [bug 1764746] Affects: fedora-all [bug 1764745] Created qt5-qtbase tracking bugs for this issue: Affects: epel-6 [bug 1764744] Affects: fedora-all [bug 1764743]
Statement: Red Hat Enterprise Linux 7 is not affected by this issue as qt5-base version as shipped with it doesn't have the code which contains the bug.