Bug 1170582 - (CVE-2020-12267) VUL-0: CVE-2020-12267: libqt5-qtbase: the setMarkdown() function has a use-after-free related to QTextMarkdownImporter:insertBlock
Status: IN_PROGRESS
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Version: Current
Hardware: Other Other
Priority: P3 - Medium
Severity: Minor
Assigned To: Fabian Vogt
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/258468/
Reported: 2020-04-27 11:58 UTC by Wolfgang Frisch
Modified: 2022-01-27 10:35 UTC
Found By: Security Response Team
Description Wolfgang Frisch 2020-04-27 11:58:02 UTC
CVE-2020-12267

setMarkdown in Qt before 5.14.2 has a use-after-free related to
QTextMarkdownImporter::insertBlock.

References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12267
Comment 1 Wolfgang Frisch 2020-04-27 12:06:16 UTC
QTextMarkdownImporter was introduced with Qt 5.14.

SLE is not affected.
openSUSE:Factory is affected (Qt 5.14.1).
Comment 2 Dirk Mueller 2020-04-27 12:34:22 UTC
Fabian seems to be the person maintaining libqt5 (although bugowner isn't set)
Comment 4 Fabian Vogt 2020-04-27 12:57:44 UTC
Fix submitted to the devel prj: https://build.opensuse.org/request/show/798249
Comment 5 Swamp Workflow Management 2020-04-27 13:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1170582) was mentioned in
https://build.opensuse.org/request/show/798262 Factory / libqt5-qtbase