PublicDateAtUSN: 2018-12-26
Candidate: CVE-2018-19870
PublicDate: 2018-12-26 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870
 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 https://codereview.qt-project.org/#/c/235998/
 https://ubuntu.com/security/notices/USN-4003-1
Description:
 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a
 NULL pointer dereference in QGifHandler resulting in a segmentation fault.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_qtbase-opensource-src:
 upstream: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=2841e2b61e32f26900bde987d469c8b97ea31999
upstream_qtbase-opensource-src: released (5.11.3)
precise/esm_qtbase-opensource-src: DNE
trusty_qtbase-opensource-src: ignored (reached end-of-life)
trusty/esm_qtbase-opensource-src: DNE (trusty was needed)
xenial_qtbase-opensource-src: released (5.5.1+dfsg-16ubuntu7.6)
esm-infra/xenial_qtbase-opensource-src: released (5.5.1+dfsg-16ubuntu7.6)
bionic_qtbase-opensource-src: released (5.9.5+dfsg-0ubuntu2.1)
cosmic_qtbase-opensource-src: released (5.11.1+dfsg-7ubuntu3.1)
disco_qtbase-opensource-src: released (5.11.3+dfsg-2ubuntu1)
devel_qtbase-opensource-src: released (5.11.3+dfsg-2ubuntu1)