{"id":"CVE-2019-18281","details":"An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.","modified":"2026-04-16T04:43:30.718995486Z","published":"2019-10-23T15:15:14.343Z","references":[{"type":"WEB","url":"https://usn.ubuntu.com/4275-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4556"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Nov/4"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-60"},{"type":"REPORT","url":"https://bugreports.qt.io/browse/QTBUG-77819"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1848784"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/271889"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"6eef81ee1c82f934e14d47047d8b6103b8755321"},{"last_affected":"08de243eaa007597c2bfbc97d3d14e2f821ac4be"},{"introduced":"13ed06640c6cf32ea8c784c896c6bf017053edb3"},{"fixed":"abfb1b8665923ce2824392f3a04e5e4ac3871017"}],"database_specific":{"versions":[{"introduced":"5.11.0"},{"last_affected":"5.11.3"},{"introduced":"5.12.0"},{"fixed":"5.12.5"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"vanir_signatures_modified":"2026-04-11T12:42:32Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18281.json","vanir_signatures":[{"id":"CVE-2019-18281-ce26650f","signature_type":"Line","target":{"file":"qmake/generators/mac/pbuilder_pbx.cpp"},"deprecated":false,"source":"https://github.com/qt/qtbase/commit/abfb1b8665923ce2824392f3a04e5e4ac3871017","digest":{"threshold":0.9,"line_hashes":["42175485319852982382716562530548920112","269969189790789914493321821784506182077","192896421012310542730988811461340756350","81493618896476637973500433905196848195","177778031528303863734575949352642260045","204261337458403320614169416449406855994","282401848054897177864544170876498713116","23956863597407661719760492111577731941","120874335481434784682992640334932410074"]},"signature_version":"v1"},{"id":"CVE-2019-18281-f29a5ae7","signature_type":"Function","target":{"file":"qmake/generators/mac/pbuilder_pbx.cpp","function":"ProjectBuilderMakefileGenerator::writeMakeParts"},"deprecated":false,"source":"https://github.com/qt/qtbase/commit/abfb1b8665923ce2824392f3a04e5e4ac3871017","digest":{"length":55991,"function_hash":"55318626890648757947913378382764058604"},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}]}