Crash in Qt 5.12.2
Robert Loehning
Robert.Loehning at qt.io
Wed Oct 23 07:02:58 UTC 2019
Am 22.10.19 um 18:41 schrieb Dmitry Shachnev:
> Hi again Robert,
>
> On Fri, Oct 18, 2019 at 02:14:01PM +0000, Robert Loehning wrote:
>> Hi,
>>
>> every application based on Qt will crash when opening a crafted plain
>> text file. Could you please add the patch below to your builds to fix this?
>>
>> Thank you and have a nice weekend.
>
> Let me forward you a question I got on the bug:
>
> https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784/comments/1
>
> This would appear to have security implications since I imagine if an email
> were sent to a KMail recipient which was crafted in this same way it would
> crash KMail? If this is likely true a CVE should be requested from MITRE via
> https://cveform.mitre.org/ so that other distros etc can ensure they ship
> this patch too.
>
> What do you think about this?
>
> --
> Dmitry Shachnev
>
Hi Dmitry,
this is most probably right. I expect that it's possible to crash KMail
in that way. With Quassel, it was already used ITW.
I don't think I'm authorized to send you such a crafted file, but if you
look closely at the test for the attached fix, you can probably figure
it out yourself.
I'm not aware of an existing CVE for this issue, though.
Cheers,
Robert
More information about the Ubuntu-devel-discuss
mailing list