CVE-2018-19871 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Affected Products (NVD)

Vendor	Product	Version
qt	qt	𝑥 < 5.11.3
opensuse	leap	15.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qtimageformats-opensource-src

bookworm	5.15.8-2 fixed
bullseye	5.15.2-2 fixed
jessie	postponed
sid	5.15.15-3 fixed
stretch	no-dsa
trixie	5.15.15-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

qt4-x11

bionic	needs-triage
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	needs-triage
xenial	needs-triage

qtimageformats-opensource-src

bionic	needs-triage
cosmic	ignored
disco	ignored
eoan	ignored
focal	needs-triage
groovy	ignored
hirsute	ignored
impish	ignored
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	dne
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

libqt5-qtimageformats

suse enterprise desktop 15	5.9.4-3.3.17 fixed
suse enterprise sap 15	5.9.4-3.3.17 fixed
suse enterprise server 15	5.9.4-3.3.17 fixed

libqt5-qtimageformats-devel

suse enterprise desktop 15	5.9.4-3.3.17 fixed
suse enterprise sap 15	5.9.4-3.3.17 fixed
suse enterprise server 15	5.9.4-3.3.17 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

python-qt5-rpm-macros

RHEL 8

0:5.13.1-1.el8

fixed

python3-pyqt5-sip

RHEL 8

0:4.19.19-1.el8

fixed

python3-qt5

RHEL 8

0:5.13.1-1.el8

fixed

python3-qt5-base

RHEL 8

0:5.13.1-1.el8

fixed

python3-qt5-devel

RHEL 8

0:5.13.1-1.el8

fixed

python3-sip-devel

RHEL 8

0:4.19.19-1.el8

fixed

qgnomeplatform

RHEL 8

0:0.4-3.el8

fixed

RHEL 7

1:4.8.7-8.el7

fixed

qt-assistant

RHEL 7

1:4.8.7-8.el7

fixed

qt-config

RHEL 7

1:4.8.7-8.el7

fixed

qt-demos

RHEL 7

1:4.8.7-8.el7

fixed

qt-devel

RHEL 7

1:4.8.7-8.el7

fixed

qt-devel-private

RHEL 7

1:4.8.7-8.el7

fixed

qt-doc

RHEL 7

1:4.8.7-8.el7

fixed

qt-examples

RHEL 7

1:4.8.7-8.el7

fixed

qt-mysql

RHEL 7

1:4.8.7-8.el7

fixed

qt-odbc

RHEL 7

1:4.8.7-8.el7

fixed

qt-postgresql

RHEL 7

1:4.8.7-8.el7

fixed

qt-qdbusviewer

RHEL 7

1:4.8.7-8.el7

fixed

qt-qvfb

RHEL 7

1:4.8.7-8.el7

fixed

qt-x11

RHEL 7

1:4.8.7-8.el7

fixed

qt5-assistant

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-designer

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-devel

RHEL 8

0:5.12.5-3.el8

fixed

qt5-doctools

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-linguist

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qdbusviewer

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qt3d

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-2.el8 fixed

qt5-qt3d-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-2.el8 fixed

qt5-qt3d-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qt3d-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-2.el8 fixed

qt5-qtbase

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtbase-common

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtbase-devel

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtbase-doc

RHEL 7

0:5.9.7-2.el7

fixed

qt5-qtbase-examples

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtbase-gui

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtbase-mysql

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtbase-odbc

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtbase-postgresql

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtbase-private-devel

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-static

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-4.el8 fixed

qt5-qtcanvas3d

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtcanvas3d-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtcanvas3d-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtconnectivity

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtconnectivity-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtconnectivity-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtconnectivity-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtdeclarative

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtdeclarative-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtdeclarative-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtdeclarative-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtdeclarative-static

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtdoc

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtgraphicaleffects

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtgraphicaleffects-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtimageformats

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtimageformats-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtlocation

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtlocation-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtlocation-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtlocation-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtmultimedia

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtmultimedia-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtmultimedia-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtmultimedia-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtquickcontrols

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtquickcontrols-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtquickcontrols-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtquickcontrols2

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtquickcontrols2-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtquickcontrols2-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtquickcontrols2-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtscript

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtscript-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtscript-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtscript-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtsensors

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtsensors-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtsensors-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtsensors-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtserialbus

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtserialbus-devel

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtserialbus-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtserialbus-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtserialport

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtserialport-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtserialport-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtserialport-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtsvg

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtsvg-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtsvg-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtsvg-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttools

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttools-common

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttools-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttools-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qttools-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttools-libs-designer

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttools-libs-designercomponents

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttools-libs-help

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttools-static

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qttranslations

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwayland

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwayland-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwayland-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtwayland-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwebchannel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwebchannel-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwebchannel-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtwebchannel-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwebsockets

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwebsockets-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtwebsockets-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtwebsockets-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtx11extras

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtx11extras-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtx11extras-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtxmlpatterns

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtxmlpatterns-devel

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-qtxmlpatterns-doc

RHEL 7

0:5.9.7-1.el7

fixed

qt5-qtxmlpatterns-examples

RHEL 7	0:5.9.7-1.el7 fixed
RHEL 8	0:5.12.5-1.el8 fixed

qt5-rpm-macros

RHEL 7	0:5.9.7-2.el7 fixed
RHEL 8	0:5.12.5-3.el8 fixed

qt5-srpm-macros

RHEL 8

0:5.12.5-3.el8

fixed

sip

RHEL 8

0:4.19.19-1.el8

fixed

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html

https://access.redhat.com/errata/RHSA-2019:2135

https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

https://codereview.qt-project.org/#/c/237761/

https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html

https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html

https://access.redhat.com/errata/RHSA-2019:2135

https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

https://codereview.qt-project.org/#/c/237761/

https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html

https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html