CVE-2018-19872

Published: 21 March 2019

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
qtbase-opensource-src
Launchpad, Ubuntu, Debian
Upstream
Released (5.11.2+dfsg-3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(5.11.3+dfsg-5ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.9.5+dfsg-0ubuntu2.5)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (5.5.1+dfsg-16ubuntu7.7)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Patches:
Upstream: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=8c4207dddf9b2af0767de2ef0a10652612d462a5
Upstream: https://code.qt.io/cgit/qt/qtbase.git/commit/src/gui/image/qppmhandler.cpp?h=5.6&id=b7321368924c4dbed81aa008d76ebfb1dffd7e60 (5.6)