{"id":"CVE-2020-17507","details":"An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.","modified":"2026-04-10T04:23:52.130263Z","published":"2020-08-12T18:15:17.637Z","related":["ALSA-2021:1756","MGASA-2020-0347","MGASA-2021-0493","SUSE-SU-2020:2741-1","SUSE-SU-2020:2742-1","SUSE-SU-2020:2748-1","SUSE-SU-2020:2751-1","SUSE-SU-2020:2760-1","SUSE-SU-2021:4155-1","openSUSE-SU-2020:1452-1","openSUSE-SU-2020:1500-1","openSUSE-SU-2020:1501-1","openSUSE-SU-2020:1530-1","openSUSE-SU-2020:1564-1","openSUSE-SU-2020:1568-1","openSUSE-SU-2020:2142-1","openSUSE-SU-2024:10975-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"},{"type":"ADVISORY","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308496"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202009-04"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308495"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/308436"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"0"},{"last_affected":"823ed71e220ebde07970dd61c04bb47b01dd06c4"},{"introduced":"fc9ae22c88dd085c7c31599037132fc756feeb04"},{"fixed":"e4961b35deb202525d4711dbb14f8c2bb0bf5c26"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.12.9"},{"introduced":"5.13.0"},{"fixed":"5.15.1"}]}}],"versions":["v5.0.0-beta1","v5.0.0-beta2","v5.12.0-alpha1","v5.12.0-beta1","v5.12.0-beta2","v5.12.0-beta3","v5.12.9","v5.15.0-alpha1","v5.15.0-beta1","v5.15.0-beta2","v5.15.0-beta3","v5.15.0-beta4"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17507.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}