Veracode Vulnerability DatabaseVERACODE:24722Denial Of Service (DoS)
0.022 Low
EPSS
Percentile
89.5%
Qt is vulnerable to denial of service (DoS). A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
References
cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65
cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08
git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0
lists.opensuse.org/opensuse-updates/2011-10/msg00007.html
lists.opensuse.org/opensuse-updates/2011-10/msg00008.html
rhn.redhat.com/errata/RHSA-2011-1323.html
rhn.redhat.com/errata/RHSA-2011-1324.html
rhn.redhat.com/errata/RHSA-2011-1325.html
rhn.redhat.com/errata/RHSA-2011-1326.html
rhn.redhat.com/errata/RHSA-2011-1327.html
rhn.redhat.com/errata/RHSA-2011-1328.html
secunia.com/advisories/41537
secunia.com/advisories/46117
secunia.com/advisories/46118
secunia.com/advisories/46119
secunia.com/advisories/46128
secunia.com/advisories/46371
secunia.com/advisories/46410
secunia.com/advisories/49895
www.openwall.com/lists/oss-security/2011/08/22/6
www.openwall.com/lists/oss-security/2011/08/24/8
www.openwall.com/lists/oss-security/2011/08/25/1
www.osvdb.org/75652
www.redhat.com/rhn/rhndetails/fastrack/
www.securityfocus.com/bid/49723
www.ubuntu.com/usn/USN-1504-1
access.redhat.com/errata/RHSA-2011:1328
access.redhat.com/security/updates/classification/#moderate
exchange.xforce.ibmcloud.com/vulnerabilities/69991
hermes.opensuse.org/messages/12056605
qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c
Related
