[Development] [Announce] Security advisory: Recently reported zlib compression issue impacts Qt

List for announcements regarding Qt releases and development announce at qt-project.org
Wed Apr 6 15:52:13 CEST 2022


zlib has recently reported a security issue in its deflate code that can cause memory corruption if the input has many distant matches. It is described in more detail at https://github.com/madler/zlib/issues/605 and has been assigned CVE-2018-25032. This has been fixed in an update to zlib 1.2.12.

This affects some aspects of Qt, particularly compressing ODF files (via QTextDocumentWriter), compressing PNG files when they are saved, and any use of qCompress().

Solution: Apply the following patch or update to Qt 5.15.9, Qt 6.2.5, or Qt 6.3.0.

Patches:

dev: https://codereview.qt-project.org/c/qt/qtbase/+/403020
6.3: https://codereview.qt-project.org/c/qt/qtbase/+/403623 or https://download.qt.io/official_releases/qt/6.3/CVE-2018-25032-qtbase-6.3.diff
6.2: https://codereview.qt-project.org/c/qt/qtbase/+/403625 or https://download.qt.io/official_releases/qt/6.2/CVE-2018-25032-qtbase-6.2.diff
5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/403628 or https://download.qt.io/official_releases/qt/5.15/CVE-2018-25032-qtbase-5.15.diff

Kind regards,
Andy
--
Andy Shaw
Senior Manager Customer Support
The Qt Company

_______________________________________________
Announce mailing list
Announce at qt-project.org
https://lists.qt-project.org/listinfo/announce
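For triaging an inventory of Qt deployments against the versions named in this advisory, the following is an added example (not code from Qt or from the advisory's author). The function names are hypothetical, the distinction between a bundled and a system zlib is an assumption the advisory does not spell out, and in a real application the two version strings would come from qVersion() and zlibVersion().

```cpp
#include <array>
#include <cstdio>
#include <string>

enum class Verdict { Fixed, NeedsUpdate, Unknown };
using Version = std::array<int, 3>;

// Parse "major.minor[.patch]". Suffixes such as "-beta1" are ignored, so
// pre-release builds need a separate look.
static bool parseVersion(const std::string &s, Version &out) {
    int a = 0, b = 0, c = 0;
    if (std::sscanf(s.c_str(), "%d.%d.%d", &a, &b, &c) < 2) return false;
    out = Version{{a, b, c}};
    return true;
}

// Qt built with its bundled zlib: compare against the releases the advisory
// names (5.15.9, 6.2.5, 6.3.0). A locally patched older build still reports
// its old version, so NeedsUpdate here means "verify", not "proven vulnerable".
Verdict qtReleaseVerdict(const std::string &qt) {
    Version v;
    if (!parseVersion(qt, v)) return Verdict::Unknown;
    if (v[0] == 5 && v[1] == 15) return v[2] >= 9 ? Verdict::Fixed : Verdict::NeedsUpdate;
    if (v[0] == 6 && v[1] == 2) return v[2] >= 5 ? Verdict::Fixed : Verdict::NeedsUpdate;
    // Other branches: the advisory names no fixed release below 6.3.0.
    return v >= Version{{6, 3, 0}} ? Verdict::Fixed : Verdict::NeedsUpdate;
}

// Assumption: Qt built against a system zlib inherits that library's state,
// and the advisory gives zlib 1.2.12 as the fixed version.
Verdict zlibVerdict(const std::string &zlib) {
    Version v;
    if (!parseVersion(zlib, v)) return Verdict::Unknown;
    return v >= Version{{1, 2, 12}} ? Verdict::Fixed : Verdict::NeedsUpdate;
}

Verdict assess(const std::string &qt, const std::string &zlib, bool systemZlib) {
    return systemZlib ? zlibVerdict(zlib) : qtReleaseVerdict(qt);
}

int main() {
    // Constructed sample inventory: Qt version, zlib version, uses system zlib?
    struct Row { const char *qt, *zlib; bool sys; } rows[] = {
        {"5.15.2", "1.2.11", false}, {"6.2.5", "1.2.11", false}, {"6.3.0", "1.2.11", true}};
    const char *names[] = {"fixed", "needs update", "unknown"};
    for (const Row &r : rows)
        std::printf("Qt %s / zlib %s -> %s\n", r.qt, r.zlib, names[static_cast<int>(assess(r.qt, r.zlib, r.sys))]);
    return 0;
}
```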

