Use-After-Free Vulnerability in Qt Affects Key Versions
CVE-2020-12267

9.8CRITICAL

Key Information:

Vendor

Qt

Status
Qt
Vendor
CVE Published:
27 April 2020

What is CVE-2020-12267?

A use-after-free vulnerability exists in the Qt framework, specifically in the implementation of setMarkdown prior to version 5.14.2. This flaw arises from an issue in the QTextMarkdownImporter::insertBlock function, which may lead to unexpected behavior and potential exploitation. Attackers can leverage this vulnerability to cause instability in applications using affected versions of Qt, highlighting the need for timely updates and security patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
x_refsource_MISC
https://codereview.qt-project.org/c/qt/qtbase/+/291706
x_refsource_CONFIRM
https://security.gentoo.org/glsa/202007-38
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.