CVE-2019-18281

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-18281
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18281.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-18281
Downstream
Related
Published
2019-10-23T15:15:14.343Z
Modified
2026-03-15T22:31:57.268563Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.

References

Affected packages

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
6eef81ee1c82f934e14d47047d8b6103b8755321
Last affected
08de243eaa007597c2bfbc97d3d14e2f821ac4be
Introduced
13ed06640c6cf32ea8c784c896c6bf017053edb3
Fixed
abfb1b8665923ce2824392f3a04e5e4ac3871017
Database specific 
{
    "versions": [
        {
            "introduced": "5.11.0"
        },
        {
            "last_affected": "5.11.3"
        },
        {
            "introduced": "5.12.0"
        },
        {
            "fixed": "5.12.5"
        }
    ]
}

Affected versions

v5.*
v5.11.0
v5.11.0-rc2
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.12.0-alpha1
v5.12.0-beta1
v5.12.0-beta2
v5.12.0-beta3
v5.12.0-beta4
v5.12.0-rc1
v5.12.0-rc2
v5.12.1
v5.12.2
v5.12.3
v5.12.4

Database specific

vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "42175485319852982382716562530548920112",
                "269969189790789914493321821784506182077",
                "192896421012310542730988811461340756350",
                "81493618896476637973500433905196848195",
                "177778031528303863734575949352642260045",
                "204261337458403320614169416449406855994",
                "282401848054897177864544170876498713116",
                "23956863597407661719760492111577731941",
                "120874335481434784682992640334932410074"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-18281-ce26650f",
        "target": {
            "file": "qmake/generators/mac/pbuilder_pbx.cpp"
        },
        "source": "https://github.com/qt/qtbase/commit/abfb1b8665923ce2824392f3a04e5e4ac3871017"
    },
    {
        "digest": {
            "length": 55991.0,
            "function_hash": "55318626890648757947913378382764058604"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-18281-f29a5ae7",
        "target": {
            "function": "ProjectBuilderMakefileGenerator::writeMakeParts",
            "file": "qmake/generators/mac/pbuilder_pbx.cpp"
        },
        "source": "https://github.com/qt/qtbase/commit/abfb1b8665923ce2824392f3a04e5e4ac3871017"
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18281.json"