CVE-2020-12267
Published: 27 April 2020
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
Priority
Medium
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
qt4-x11 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| eoan |
Not vulnerable
(code not present)
|
|
| focal |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
qtbase-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| eoan |
Not vulnerable
(code not present)
|
|
| focal |
Not vulnerable
(code not present)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
Notes
| Author | Note |
|---|---|
| leosilva | QTextMarkdownImporter was added in version 5.13. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12267
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
- https://codereview.qt-project.org/c/qt/qtbase/+/291706
- https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=7447e2b337f12b4d04935d0f30fc673e4327d5a0
- NVD
- Launchpad
- Debian