CVE-2020-17507
First published: Wed Aug 12 2020(Updated: )
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qt Qt | <=5.12.9 | |
| Qt Qt | >=5.13.0<5.15.1 | |
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html
- https://codereview.qt-project.org/c/qt/qtbase/+/308436
- https://codereview.qt-project.org/c/qt/qtbase/+/308495
- https://codereview.qt-project.org/c/qt/qtbase/+/308496
- https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
- https://security.gentoo.org/glsa/202009-04
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/
Frequently Asked Questions
What is CVE-2020-17507?
CVE-2020-17507 is a vulnerability in Qt through 5.12.9 and 5.13.x through 5.15.x before 5.15.1 that allows for a buffer over-read in the read_xbm_body function.
How severe is CVE-2020-17507?
CVE-2020-17507 has a severity rating of medium with a CVSS score of 5.3.
Which software versions are affected by CVE-2020-17507?
CVE-2020-17507 affects Qt versions 5.12.9 and 5.13.x through 5.15.x before 5.15.1.
How can I fix CVE-2020-17507?
To fix CVE-2020-17507, you should update your Qt software to version 5.15.1 or later.
Are there any references for CVE-2020-17507?
Yes, you can find references for CVE-2020-17507 at the following links: [Link 1](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html), [Link 2](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html), [Link 3](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/severity
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/qt
- canonical/qt qt
- version/qt qt/5.12.9
- version/qt qt/5.13.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32