CVE-2019-18281

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-18281
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18281.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-18281
Downstream
Related
Published
2019-10-23T15:15:14Z
Modified
2025-10-15T10:36:59.928366Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.

References

Affected packages

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
13ed06640c6cf32ea8c784c896c6bf017053edb3
Fixed
abfb1b8665923ce2824392f3a04e5e4ac3871017

Affected versions

v5.*

v5.11.3
v5.12.0
v5.12.1
v5.12.2
v5.12.3
v5.12.4

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "42175485319852982382716562530548920112",
                "269969189790789914493321821784506182077",
                "192896421012310542730988811461340756350",
                "81493618896476637973500433905196848195",
                "177778031528303863734575949352642260045",
                "204261337458403320614169416449406855994",
                "282401848054897177864544170876498713116",
                "23956863597407661719760492111577731941",
                "120874335481434784682992640334932410074"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2019-18281-ce26650f",
        "target": {
            "file": "qmake/generators/mac/pbuilder_pbx.cpp"
        },
        "source": "https://github.com/qt/qtbase/commit/abfb1b8665923ce2824392f3a04e5e4ac3871017",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "digest": {
            "length": 55991.0,
            "function_hash": "55318626890648757947913378382764058604"
        },
        "signature_type": "Function",
        "id": "CVE-2019-18281-f29a5ae7",
        "target": {
            "file": "qmake/generators/mac/pbuilder_pbx.cpp",
            "function": "ProjectBuilderMakefileGenerator::writeMakeParts"
        },
        "source": "https://github.com/qt/qtbase/commit/abfb1b8665923ce2824392f3a04e5e4ac3871017",
        "signature_version": "v1"
    }
]