{"id":"CVE-2020-17507","details":"An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.","modified":"2026-02-02T00:06:46.193118Z","published":"2020-08-12T18:15:17.637Z","related":["ALSA-2021:1756","MGASA-2020-0347","MGASA-2021-0493","SUSE-SU-2020:2741-1","SUSE-SU-2020:2742-1","SUSE-SU-2020:2748-1","SUSE-SU-2020:2751-1","SUSE-SU-2020:2760-1","SUSE-SU-2021:4155-1","openSUSE-SU-2020:1452-1","openSUSE-SU-2020:1500-1","openSUSE-SU-2020:1501-1","openSUSE-SU-2020:1530-1","openSUSE-SU-2020:1564-1","openSUSE-SU-2020:1568-1","openSUSE-SU-2020:2142-1","openSUSE-SU-2024:10975-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"},{"type":"ADVISORY","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308436"},{"type":"ADVISORY","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308495"},{"type":"ADVISORY","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308496"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202009-04"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308436"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308495"},{"type":"ARTICLE","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308436"},{"type":"ARTICLE","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308495"},{"type":"ARTICLE","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308496"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qt5","events":[{"introduced":"644f8b7006737a89bfa171fcc7df15a312d678d7"},{"fixed":"dd11f01de7416b650b58c13e18146533d764477c"}]}],"versions":["v5.12.4","v5.12.5","v5.13.0","v5.13.0-rc3","v5.13.1","v5.14.0","v5.14.0-alpha1","v5.14.0-beta1","v5.14.0-beta2","v5.14.0-beta3","v5.14.0-rc1","v5.14.0-rc2","v5.14.1","v5.14.2","v5.15.0","v5.15.0-alpha1","v5.15.0-beta1","v5.15.0-beta2","v5.15.0-beta3","v5.15.0-beta4","v5.15.0-rc1","v5.15.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17507.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"fc9ae22c88dd085c7c31599037132fc756feeb04"},{"fixed":"e4961b35deb202525d4711dbb14f8c2bb0bf5c26"}]}],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["242641743284928064626071892920657218794","106416120088075135311219627565149925684","6689681501335192734927767907587321295","249325656759426096807140923297702562064"],"threshold":0.9},"source":"https://github.com/qt/qtbase/commit/e4961b35deb202525d4711dbb14f8c2bb0bf5c26","target":{"file":"src/corelib/tools/qvector.h"},"id":"CVE-2020-17507-edb2cdac"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17507.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}