VDB

GCVE-VVD-MAGEIA-2019-356

GCVE-VVD-MAGEIA-2019-356
Advisory Published
Vulnetix · Advisory published December 6, 2019
This update provides the 5.12.6 QT stack maintenance release and fixes the following security issue: An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters (CVE-2019-18281). kwin and skrooge has been rebuilt to pick up proper dependencies on the updated QT packages.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaqtremoteobjects50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtcharts50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtserialbus50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqttranslations50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaskrooge0 (affected), 2.19.1-2.mga7 (unaffected)
Mageiaqtgraphicaleffects50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtgamepad50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqttools50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtspeech50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtimageformats50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtquickcontrols50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtwebkit50 (affected), 5.212.0-1.alpha3.1.mga7 (unaffected)
Mageiaqt3d50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtwebview50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtvirtualkeyboard50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtlocation50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtx11extras50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtconnectivity50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtnetworkauth50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtdoc50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtdeclarative50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtwebengine50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtmultimedia50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtsensors50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtbase50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtwebglplugin50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtenginio50 (affected), 1.6.3-7.1.mga7 (unaffected)
Mageiaqtscxml50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtsvg50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtxmlpatterns50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtwebsockets50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtdatavis3d50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtpurchasing50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiapyside20 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtscript50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiakwin0 (affected), 5.15.4-1.1.mga7 (unaffected)
Mageiashiboken20 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtwayland50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtserialport50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtwebchannel50 (affected), 5.12.6-1.mga7 (unaffected)
Mageiaqtquickcontrols250 (affected), 5.12.6-1.mga7 (unaffected)
Mageiapyside2-tools0 (affected), 5.12.6-1.mga7 (unaffected)

Aliases

CVE-2019-18281

Transitive aliases

GSD-2019-18281CNVD-2020-03049BDU:2021-03592VVD-GENTOO-2019-699226RHSA-2020:1665GHSA-92xj-745q-j6qrEUVD-2019-8070

References

Updated QT stack fix security vulnerability
advisory
Updated QT stack fix security vulnerability
issue
Updated QT stack fix security vulnerability
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›