CVE-2019-18281

Priority
Description
An out-of-bounds memory access in the generateDirectionalRuns() function in
qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows
attackers to cause a denial of service by crashing an application via a
text file containing many directional characters.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (5.12.5+dfsg-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine):released (5.12.4+dfsg-4ubuntu1.1)
Ubuntu 20.04 (Focal Fossa):not-affected (5.12.5+dfsg-2)
Patches:
Upstream:https://code.qt.io/cgit/qt/qtbase.git/commit/src/gui/text/qtextengine.cpp?h=5.12&id=1232205e32464d90e871f39eb1e14fcf9b78a163
More Information

Updated: 2020-02-10 15:15:19 UTC (commit e2b80aba94d218c7417082d5acfc48647f8445c7)