CVE-2019-18281 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Affected Products (NVD)

Vendor	Product	Version
qt	qtbase	5.11.0 ≤ 𝑥 ≤ 5.11.3
qt	qtbase	5.12.0 ≤ 𝑥 < 5.12.5
debian	debian_linux	9.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qtbase-opensource-src

bookworm	5.15.8+dfsg-11+deb12u2 fixed
bullseye	5.15.2+dfsg-9+deb11u1 fixed
buster	no-dsa
jessie	not-affected
sid	5.15.15+dfsg-2 fixed
stretch	not-affected
trixie	5.15.15+dfsg-2 fixed

qtbase-opensource-src-gles

bookworm	5.15.8+dfsg-3 fixed
bullseye	5.15.2+dfsg-4 fixed
buster	no-dsa
jessie	not-affected
sid	5.15.15+dfsg-2 fixed
stretch	not-affected
trixie	5.15.15+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

qtbase-opensource-src

bionic	not-affected
disco	ignored
eoan	Fixed 5.12.4+dfsg-4ubuntu1.1 released
trusty	dne
xenial	not-affected

Red Hat Enterprise Linux Releases

Red Hat Product

Release

python-qt5-rpm-macros

RHEL 8

0:5.13.1-1.el8

fixed

python3-pyqt5-sip

RHEL 8

0:4.19.19-1.el8

fixed

python3-qt5

RHEL 8

0:5.13.1-1.el8

fixed

python3-qt5-base

RHEL 8

0:5.13.1-1.el8

fixed

python3-qt5-devel

RHEL 8

0:5.13.1-1.el8

fixed

python3-sip-devel

RHEL 8

0:4.19.19-1.el8

fixed

qgnomeplatform

RHEL 8

0:0.4-3.el8

fixed

qt5-assistant

RHEL 8

0:5.12.5-1.el8

fixed

qt5-designer

RHEL 8

0:5.12.5-1.el8

fixed

qt5-devel

RHEL 8

0:5.12.5-3.el8

fixed

qt5-doctools

RHEL 8

0:5.12.5-1.el8

fixed

qt5-linguist

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qdbusviewer

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qt3d

RHEL 8

0:5.12.5-2.el8

fixed

qt5-qt3d-devel

RHEL 8

0:5.12.5-2.el8

fixed

qt5-qt3d-examples

RHEL 8

0:5.12.5-2.el8

fixed

qt5-qtbase

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-common

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-devel

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-examples

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-gui

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-mysql

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-odbc

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-postgresql

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-private-devel

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtbase-static

RHEL 8

0:5.12.5-4.el8

fixed

qt5-qtcanvas3d

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtcanvas3d-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtconnectivity

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtconnectivity-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtconnectivity-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtdeclarative

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtdeclarative-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtdeclarative-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtdeclarative-static

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtdoc

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtgraphicaleffects

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtimageformats

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtlocation

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtlocation-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtlocation-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtmultimedia

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtmultimedia-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtmultimedia-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtquickcontrols

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtquickcontrols-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtquickcontrols2

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtquickcontrols2-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtquickcontrols2-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtscript

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtscript-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtscript-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtsensors

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtsensors-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtsensors-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtserialbus

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtserialbus-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtserialport

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtserialport-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtserialport-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtsvg

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtsvg-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtsvg-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttools

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttools-common

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttools-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttools-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttools-libs-designer

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttools-libs-designercomponents

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttools-libs-help

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttools-static

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qttranslations

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwayland

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwayland-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwayland-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwebchannel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwebchannel-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwebchannel-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwebsockets

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwebsockets-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtwebsockets-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtx11extras

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtx11extras-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtxmlpatterns

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtxmlpatterns-devel

RHEL 8

0:5.12.5-1.el8

fixed

qt5-qtxmlpatterns-examples

RHEL 8

0:5.12.5-1.el8

fixed

qt5-rpm-macros

RHEL 8

0:5.12.5-3.el8

fixed

qt5-srpm-macros

RHEL 8

0:5.12.5-3.el8

fixed

sip

RHEL 8

0:4.19.19-1.el8

fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://bugreports.qt.io/browse/QTBUG-77819

https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784

https://codereview.qt-project.org/c/qt/qtbase/+/271889

https://seclists.org/bugtraq/2019/Nov/4

https://security.gentoo.org/glsa/202003-60

https://usn.ubuntu.com/4275-1/

https://www.debian.org/security/2019/dsa-4556

https://bugreports.qt.io/browse/QTBUG-77819

https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784

https://codereview.qt-project.org/c/qt/qtbase/+/271889

https://seclists.org/bugtraq/2019/Nov/4

https://security.gentoo.org/glsa/202003-60

https://usn.ubuntu.com/4275-1/

https://www.debian.org/security/2019/dsa-4556