Vulnerability Name:

CVE-2018-19871 (CCN-154825)

Assigned: 2018-08-24
Published: 2018-08-24
Updated: 2020-09-28
Summary: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
3.3 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-400
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2018-19871

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2019:1115

Source: REDHAT
Type: UNKNOWN
RHSA-2019:2135

Source: CCN
Type: Qt Blog, December 4th, 2018
Qt 5.11.3 Released with Important Security Updates

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

Source: CONFIRM
Type: Issue Tracking, Patch, Vendor Advisory
https://codereview.qt-project.org/#/c/237761/

Source: XF
Type: UNKNOWN
qt-cve201819871-dos(154825)

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-19871

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:qt:qt:*:*:*:*:*:*:*:* (Version < 5.11.3)

Configuration 2:
  • cpe:/o:opensuse:leap:15.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:qt:qt:5.11.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:201819871
    V
    CVE-2018-19871
    2022-09-02
    oval:org.opensuse.security:def:24046
    P
    Security update for java-1_7_1-ibm (Moderate) (in QA)
    2022-01-04
    oval:org.opensuse.security:def:23716
    P
    Security update for xen (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:61583
    P
    libtiff-devel-4.0.9-5.27.5 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:23670
    P
    Security update for openssl (Low)
    2021-09-20
    oval:org.opensuse.security:def:47807
    P
    libvorbis-doc-1.3.3-10.14.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47754
    P
    libopenssl-devel-1.0.2p-1.13 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47116
    P
    pam-1.1.8-14.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47047
    P
    libmms0-0.6.2-15.8 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46892
    P
    apache2-mod_nss-1.0.14-18.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47016
    P
    libevent-2_0-5-2.0.21-4.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46953
    P
    gnome-keyring-3.20.0-27.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46932
    P
    ecryptfs-utils-103-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46881
    P
    DirectFB-1.7.1-6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:2041
    P
    python3-keystoneclient-4.0.0-9.4.5 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2043
    P
    terraform-0.13.4-6.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62106
    P
    kdump-0.9.0-16.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62745
    P
    fwupd-1.5.8-1.13 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62832
    P
    texlive-collection-basic-2017.135.svn41616-9.12.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62783
    P
    libexif-devel-0.6.22-5.6.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:23923
    P
    Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:48559
    P
    libthai-data-0.1.25-4.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61123
    P
    apr-util-devel-1.6.1-2.41 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61312
    P
    libzzip-0-13-0.13.69-1.13 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61146
    P
    curl-7.60.0-1.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61124
    P
    audit-devel-2.8.1-3.30 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46810
    P
    patch-2.7.5-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46599
    P
    xorg-x11-7.6_1-14.17 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46457
    P
    libXfixes3-32bit-5.0.1-3.53 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48558
    P
    libtcnative-1-0-1.1.32-9.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48898
    P
    dia-0.97.3-15.63 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48700
    P
    libzmq3-4.0.4-2.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48575
    P
    logwatch-7.4.3-15.65 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46053
    P
    Security update for openldap2 (Important)
    2021-04-16
    oval:org.opensuse.security:def:51181
    P
    Security update for glib2 (Important)
    2021-03-16
    oval:org.opensuse.security:def:23600
    P
    Security update for ImageMagick (Important)
    2021-01-22
    oval:org.opensuse.security:def:24058
    P
    Security update for openldap2 (Moderate)
    2021-01-15
    oval:org.opensuse.security:def:23970
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:23484
    P
    Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:2063
    P
    grub2-x86_64-xen-2.02-17.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2061
    P
    freeradius-server-3.0.16-1.41 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62552
    P
    libgme-devel-0.6.2-1.17 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2052
    P
    apache2-mod_jk-1.2.43-1.36 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62424
    P
    libSDL2-2_0-0-2.0.8-1.34 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2047
    P
    clamsap-0.99.25-2.37 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61901
    P
    libvirt-libs-6.0.0-11.3 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:61774
    P
    kernel-default-5.3.18-22.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2096
    P
    squid-4.0.23-3.47 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62653
    P
    libSoundTouch0-1.8.0-3.11.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:46369
    P
    nodejs6-6.9.5-7.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2098
    P
    subversion-server-1.10.0-1.24 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62915
    P
    perl-Archive-Extract-0.80-1.24 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62882
    P
    FastCGI-2.4.0-2.23 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:49039
    P
    libuuid-devel-2.33.2-2.13 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2091
    P
    salt-api-2018.3.0-3.9 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2086
    P
    postgresql-contrib-10-6.8 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2069
    P
    libecpg6-10.3-2.8 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2746
    P
    Security update for libqt5-qtimageformats (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:2736
    P
    Security update for webkit2gtk3 (Important)
    2020-12-02
    oval:org.opensuse.security:def:24911
    P
    Security update for openssl-1_1 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24764
    P
    Security update for libqt5-qtimageformats (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24732
    P
    Security update for java-1_7_1-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24094
    P
    Security update for python-PyYAML (Important)
    2020-12-01
    oval:org.opensuse.security:def:49674
    P
    libkpathsea6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46036
    P
    Security update for ruby2.1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:45958
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:45752
    P
    Security update for pam_radius (Important)
    2020-12-01
    oval:org.opensuse.security:def:45623
    P
    Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:46151
    P
    Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:45117
    P
    Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45542
    P
    Security update for freeradius-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:25639
    P
    Security update for libqt5-qtimageformats (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45421
    P
    Security update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25605
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45239
    P
    Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24967
    P
    Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:45129
    P
    Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:23781
    P
    Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:45118
    P
    Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:23423
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:51119
    P
    Security update for openssh (Important)
    2020-12-01
    oval:org.opensuse.security:def:49843
    P
    libgit2-28 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49770
    P
    apache-pdfbox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:23431
    P
    Security update for glib2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:45923
    P
    Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46094
    P
    Security update for shim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46241
    P
    Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:24826
    P
    Security update for permissions (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24775
    P
    Security update for spice-gtk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:45936
    P
    Security update for postgresql10 (Low)
    2020-12-01
    oval:org.opensuse.security:def:24628
    P
    Security update for xmltooling (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24925
    P
    Security update for systemd (Important)
    2020-12-01
    oval:org.opensuse.security:def:45924
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24550
    P
    Security update for accountsservice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24229
    P
    Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:24497
    P
    Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:49607
    P
    ImageMagick on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24420
    P
    Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49518
    P
    gnome-online-accounts-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24298
    P
    Security update for polkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49287
    P
    pam on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24238
    P
    Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:49133
    P
    lftp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49739
    P
    guile on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46243
    P
    Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:46180
    P
    Security update for postgresql96 (Important)
    2020-12-01
    oval:org.opensuse.security:def:87239
    P
    Security update for libqt5-qtimageformats (Moderate)
    2020-10-14
    oval:com.redhat.rhsa:def:20201665
    P
    RHSA-2020:1665: qt5 security, bug fix, and enhancement update (Moderate)
    2020-04-29
    oval:com.redhat.rhsa:def:20201172
    P
    RHSA-2020:1172: qt security update (Moderate)
    2020-03-31
    oval:com.redhat.rhsa:def:20192135
    P
    RHSA-2019:2135: qt5 security, bug fix, and enhancement update (Moderate)
    2019-08-06
    oval:com.ubuntu.xenial:def:2018198710000000
    V
    CVE-2018-19871 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-12-26
    oval:com.ubuntu.bionic:def:201819871000
    V
    CVE-2018-19871 on Ubuntu 18.04 LTS (bionic) - medium.
    2018-12-26
    oval:com.ubuntu.disco:def:2018198710000000
    V
    CVE-2018-19871 on Ubuntu 19.04 (disco) - medium.
    2018-12-26
    oval:com.ubuntu.cosmic:def:201819871000
    V
    CVE-2018-19871 on Ubuntu 18.10 (cosmic) - medium.
    2018-12-26
    oval:com.ubuntu.cosmic:def:2018198710000000
    V
    CVE-2018-19871 on Ubuntu 18.10 (cosmic) - medium.
    2018-12-26
    oval:com.ubuntu.trusty:def:201819871000
    V
    CVE-2018-19871 on Ubuntu 14.04 LTS (trusty) - medium.
    2018-12-26
    oval:com.ubuntu.bionic:def:2018198710000000
    V
    CVE-2018-19871 on Ubuntu 18.04 LTS (bionic) - medium.
    2018-12-26
    oval:com.ubuntu.xenial:def:201819871000
    V
    CVE-2018-19871 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-12-26
    qt qt *
    opensuse leap 15.0
    qt qt 5.11.2