Qt(4.8.7) vulnerabilities
Qt(4.8.7) vulnerabilities and its reproducibility
How to reproduce the following vulnerabilities using wkhtmltopdf?
- CVE-2018-19873
- CVE-2018-19869
- CVE-2018-19871
The CVEs are pretty clear about what happens under which circumstances.
Forgive my openness, but that sounds like asking for instructions to hack something using a long-outdated Qt version.
@Axel-Spoerl said in Qt(4.8.7) vulnerabilities:
> The CVEs are pretty clear about what happens under which circumstances.
We have fixed the vulnerabilities in Qt 4.8.7. In order to check whether the vulnerability is fixed, we have to know how to reproduce the issue.
> Forgive my openness, but that sounds like asking for instructions to hack something using a long-outdated Qt version.
I am sorry if you felt like that, but the above-mentioned is not the intention.
@A-Akshatha, can you explain exactly what your goal is, then?
> We have fixed the vulnerabilities in Qt 4.8.7. In order to check whether the vulnerability is fixed, we have to know how to reproduce the issue.
CVE-2018-19873 is all about a bitmap larger than 16384 by 16384 bytes causing a buffer overflow.
- you have fixed it, you say.
- at the same time, you need help to reproduce a buffer overflow?
Sorry again, but I have a hard time believing that. How about a large bitmap and a sanitizer?
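As an added illustration of the defensive side of what Axel-Spoerl describes (a bitmap larger than 16384 by 16384 driving a buffer overflow), here is a C header-validation routine that rejects oversized or nonsensical BMP dimensions before any pixel buffer is allocated. This is example code written for this thread, not the Qt patch linked below nor code from any participant; the 16384 cap is taken from the CVE description above, while the function names and the 4-byte row padding rule are assumptions of the example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Dimension cap assumed for this example, taken from the thread's
 * description of CVE-2018-19873 (bitmaps larger than 16384 x 16384). */
#define MAX_BMP_DIM 16384

/* Compute the pixel-buffer size in bytes from the BMP header fields.
 * Returns -1 if the header must be rejected, so a caller never sizes a
 * buffer from unchecked width/height and then writes past its end.
 * Rows are padded to a multiple of 4 bytes (assumed BMP layout). */
int64_t bmp_pixel_bytes(int32_t width, int32_t height, uint16_t bpp)
{
    /* BMP permits a negative height for top-down images; use the magnitude.
     * Widen first so that INT32_MIN does not overflow on negation. */
    int64_t h = height < 0 ? -(int64_t)height : (int64_t)height;

    if (width <= 0 || h <= 0)
        return -1;
    if (width > MAX_BMP_DIM || h > MAX_BMP_DIM)
        return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 &&
        bpp != 16 && bpp != 24 && bpp != 32)
        return -1;

    /* Row stride: bits per row rounded up to a whole 32-bit word.
     * With the caps above the product is at most 2^30 bytes, so the
     * arithmetic below cannot overflow a 64-bit value. */
    uint64_t row_bits = (uint64_t)width * bpp;
    uint64_t stride   = ((row_bits + 31) / 32) * 4;
    uint64_t total    = stride * (uint64_t)h;

    return (int64_t)total;
}

/* Allocate the pixel buffer only after the header has been validated.
 * Returns NULL (and leaves *out_bytes untouched) for a rejected header. */
unsigned char *bmp_alloc_pixels(int32_t width, int32_t height, uint16_t bpp,
                                size_t *out_bytes)
{
    int64_t n = bmp_pixel_bytes(width, height, bpp);
    if (n < 0)
        return NULL;
    *out_bytes = (size_t)n;
    return calloc(1, (size_t)n);
}
```

The 17000x17000 size mentioned later in the thread is rejected by the cap, while the largest permitted image (16384x16384 at 32 bpp) resolves to exactly 1 GiB; a sanitizer build of the image loader is still the right way to observe what happens without such a check.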
We have obtained the code for fixing the vulnerability from the site: https://codereview.qt-project.org/#/c/238749/
But in order to confirm and ensure whether this is the fix for the vulnerability CVE-2018-19873, we wanted to know how it is reproduced, i.e., to check both cases: before and after the fix.
Hope now the intention behind asking the query is clear.
So basically you trust the rest of the code is fine but not those patches? Strange logic...
We are doing this as part of a test case requested by our client. In that test case we have to implement the before and after of the fix for the vulnerability CVE-2018-19873 and submit the proof to the client.
Hope it is clear.
Use a large pixmap and a sanitizer for that proof.
For more advice, contact your / your client's account manager.
This forum is not for commercial support.
We used a large bitmap size, say 17000x17000, but we were not able to reproduce the vulnerability.
How is this vulnerability shown?
As said before, contact your account manager.
I will lock this topic now.