ALT Linux Team

Package qt6-shadertools update in p10 on 2023-05-03

ALT-PU-2023-8551-1

Package qt6-shadertools updated to version 6.4.2-alt1 for branch p10 in task 317839.

Closed vulnerabilities

Published: 2023-09-21

BDU:2023-05913

Уязвимость функции addApplicationFont{FromData] класса QFontDatabase кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.0)Vector: AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Severity: LOW (2.3)Vector: AV:A/AC:M/Au:S/C:N/I:N/A:P
References:
Published: 2023-09-18
Modified: 2024-11-21

CVE-2023-43114

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top