Bug 1170582 (CVE-2020-12267) - VUL-0: CVE-2020-12267: libqt5-qtbase: the setMarkdown() function has a use-after-free related to QTextMarkdownImporter:insertBlock
Summary: VUL-0: CVE-2020-12267: libqt5-qtbase: the setMarkdown() function has a use-af...
Status: RESOLVED FIXED
Alias: CVE-2020-12267
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P3 - Medium : Minor (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/258468/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-27 11:58 UTC by Wolfgang Frisch
Modified: 2024-07-04 13:25 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2020-04-27 11:58:02 UTC 
CVE-2020-12267

setMarkdown in Qt before 5.14.2 has a use-after-free related to
QTextMarkdownImporter::insertBlock.

References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12267
Comment 1 Wolfgang Frisch 2020-04-27 12:06:16 UTC 
QTextMarkdownImporter was introduced with Qt 5.14.

SLE is not affected.
openSUSE:Factory is affected (Qt 5.14.1).
Comment 2 Dirk Mueller 2020-04-27 12:34:22 UTC 
Fabian seems to be the person maintaining libqt5 (although bugowner isn't set)
Comment 4 Fabian Vogt 2020-04-27 12:57:44 UTC 
Fix submitted to the devel prj: https://build.opensuse.org/request/show/798249
Comment 5 Swamp Workflow Management 2020-04-27 13:40:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1170582) was mentioned in
https://build.opensuse.org/request/show/798262 Factory / libqt5-qtbase
Comment 10 Wolfgang Frisch 2024-07-04 13:25:58 UTC 
Fixed in all supported codestreams a long time ago.