CVE Vulnerabilities

CVE-2018-19870

NULL Pointer Dereference

Published: Dec 26, 2018 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Qt Qt * 5.11.3 (excluding)
Red Hat Enterprise Linux 7 RedHat qt5-qt3d-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtbase-0:5.9.7-2.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtcanvas3d-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtconnectivity-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtdeclarative-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtdoc-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtgraphicaleffects-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtimageformats-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtlocation-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtmultimedia-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtquickcontrols-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtquickcontrols2-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtscript-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtsensors-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtserialbus-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtserialport-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtsvg-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qttools-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qttranslations-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtwayland-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtwebchannel-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtwebsockets-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtx11extras-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt5-qtxmlpatterns-0:5.9.7-1.el7 *
Red Hat Enterprise Linux 7 RedHat qt-1:4.8.7-8.el7 *
Red Hat Enterprise Linux 8 RedHat qt5-qtbase-0:5.11.1-7.el8 *
Red Hat Enterprise Linux 8 RedHat qt5-qttools-0:5.11.1-9.el8 *
Qtbase-opensource-src Ubuntu bionic *
Qtbase-opensource-src Ubuntu cosmic *
Qtbase-opensource-src Ubuntu devel *
Qtbase-opensource-src Ubuntu disco *
Qtbase-opensource-src Ubuntu trusty *
Qtbase-opensource-src Ubuntu upstream *
Qtbase-opensource-src Ubuntu xenial *

Potential Mitigations

References