osv-2020-1671
Vulnerability from osv_ossfuzz
Published
2020-08-29 00:00
Modified
2023-02-24 02:01
Summary
Heap-buffer-overflow in Dasher::Dasher
Details
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25243
Crash type: Heap-buffer-overflow READ 4
Crash state:
Dasher::Dasher
bool drawLineAA<&
QCosmeticStroker::drawPath
{
"affected": [
{
"database_specific": {
"fixed_range": "91c229fc17054feacb63de186e3419bc5c2f1933:b3326dc04e20bd1e7a455dd4fe00fba4bf0b7445"
},
"ecosystem_specific": {
"severity": "MEDIUM"
},
"package": {
"ecosystem": "OSS-Fuzz",
"name": "qt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "f575ed4b15c97726c64dbceff23237c84ac26480"
},
{
"fixed": "80e3ded22d873e4d5d4251f29943f6f670cb69f0"
},
{
"fixed": "1d778a59f781ecf822c9e3f7777b680fea2c4e62"
},
{
"fixed": "b3326dc04e20bd1e7a455dd4fe00fba4bf0b7445"
}
],
"repo": "git://code.qt.io/qt/qtbase.git",
"type": "GIT"
}
],
"versions": [
"qt-v5.0.0-alpha1",
"v5.0.0",
"v5.0.0-beta1",
"v5.0.0-beta2",
"v5.0.0-rc1",
"v5.0.0-rc2",
"v5.0.1",
"v5.0.2",
"v5.1.0",
"v5.1.0-alpha1",
"v5.1.0-beta1",
"v5.1.0-rc1",
"v5.1.0-rc2",
"v5.1.1",
"v5.10.0",
"v5.10.0-alpha1",
"v5.10.0-beta1",
"v5.10.0-beta2",
"v5.10.0-beta3",
"v5.10.0-beta4",
"v5.10.0-rc1",
"v5.10.0-rc2",
"v5.10.0-rc3",
"v5.10.1",
"v5.11.0",
"v5.11.0-alpha1",
"v5.11.0-beta1",
"v5.11.0-beta2",
"v5.11.0-beta3",
"v5.11.0-beta4",
"v5.11.0-rc1",
"v5.11.0-rc2",
"v5.11.1",
"v5.11.2",
"v5.11.3",
"v5.12.0",
"v5.12.0-alpha1",
"v5.12.0-beta1",
"v5.12.0-beta2",
"v5.12.0-beta3",
"v5.12.0-beta4",
"v5.12.0-rc1",
"v5.12.0-rc2",
"v5.12.1",
"v5.12.2",
"v5.12.3",
"v5.12.4",
"v5.12.5",
"v5.12.6",
"v5.12.7",
"v5.12.8",
"v5.12.9",
"v5.13.0",
"v5.13.0-alpha1",
"v5.13.0-beta1",
"v5.13.0-beta2",
"v5.13.0-beta3",
"v5.13.0-beta4",
"v5.13.0-rc1",
"v5.13.0-rc2",
"v5.13.0-rc3",
"v5.13.1",
"v5.13.2",
"v5.14.0",
"v5.14.0-alpha1",
"v5.14.0-beta1",
"v5.14.0-beta2",
"v5.14.0-beta3",
"v5.14.0-rc1",
"v5.14.0-rc2",
"v5.14.1",
"v5.14.2",
"v5.15.0",
"v5.15.0-alpha1",
"v5.15.0-beta1",
"v5.15.0-beta2",
"v5.15.0-beta3",
"v5.15.0-beta4",
"v5.15.0-rc1",
"v5.15.0-rc2",
"v5.2.0",
"v5.2.0-alpha1",
"v5.2.0-beta1",
"v5.2.0-rc1",
"v5.2.1",
"v5.3.0",
"v5.3.0-alpha1",
"v5.3.0-beta1",
"v5.3.0-rc1",
"v5.3.1",
"v5.3.2",
"v5.4.0",
"v5.4.0-alpha1",
"v5.4.0-beta1",
"v5.4.0-rc1",
"v5.4.1",
"v5.4.2",
"v5.5.0",
"v5.5.0-alpha1",
"v5.5.0-beta1",
"v5.5.0-rc1",
"v5.5.1",
"v5.6.0",
"v5.6.0-alpha1",
"v5.6.0-beta1",
"v5.6.0-rc1",
"v5.6.1",
"v5.6.1-1",
"v5.6.2",
"v5.6.3",
"v5.7.0",
"v5.7.0-alpha1",
"v5.7.0-beta1",
"v5.7.0-rc1",
"v5.7.1",
"v5.8.0",
"v5.8.0-alpha1",
"v5.8.0-beta1",
"v5.8.0-rc1",
"v5.9.0",
"v5.9.0-alpha1",
"v5.9.0-beta1",
"v5.9.0-beta2",
"v5.9.0-beta3",
"v5.9.0-beta4",
"v5.9.0-rc1",
"v5.9.0-rc2",
"v5.9.1",
"v5.9.2",
"v5.9.3",
"v5.9.4",
"v5.9.5",
"v5.9.6",
"v5.9.7",
"v5.9.8",
"v5.9.9",
"v6.0.0-alpha1"
]
}
],
"details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25243\n\n```\nCrash type: Heap-buffer-overflow READ 4\nCrash state:\nDasher::Dasher\nbool drawLineAA\u003c\u0026\nQCosmeticStroker::drawPath\n```\n",
"id": "OSV-2020-1671",
"modified": "2023-02-24T02:01:45.842239Z",
"published": "2020-08-29T00:00:13.673013Z",
"references": [
{
"type": "REPORT",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25243"
},
{
"type": "FIX",
"url": "https://codereview.qt-project.org/c/qt/qtbase/+/316936"
}
],
"summary": "Heap-buffer-overflow in Dasher::Dasher"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…