Security advisory: Recently reported zlib compression issue impacts Qt
April 05, 2022 by Andy Shaw | Comments
zlib has recently reported that it has a security issue when deflating which could cause memory corruption if the input has many distant matches. This is reported in a bit more detail here: https://github.com/madler/zlib/issues/605 and has been assigned the CVE id CVE-2018-25032. This has been fixed in an update to zlib 1.2.12
This affects some aspects of Qt, particularly when compressing ODF files (via QTextDocumentWriter), compressing PNG files when they are saved and also when qCompress() is used.
Solution: Apply the following patch or update to Qt 5.15.9, Qt 6.2.5, or Qt 6.3.0.
6.3: https://codereview.qt-project.org/c/qt/qtbase/+/403623 or https://download.qt.io/official_releases/qt/6.3/CVE-2018-25032-qtbase-6.3.diff
6.2: https://codereview.qt-project.org/c/qt/qtbase/+/403625 or https://download.qt.io/official_releases/qt/6.2/CVE-2018-25032-qtbase-6.2.diff
5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/403628 or https://download.qt.io/official_releases/qt/5.15/CVE-2018-25032-qtbase-5.15.diff
Subscribe to our newsletter
Try Qt 6.4 Now!
Download the latest release here: www.qt.io/download.
Qt 6 is the productivity platform for the future, with next-gen 2D & 3D UX and limitless scalability.
Explore Qt World
Check our Qt demos and case studies in the virtual Qt World
Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.
Näytä tämä julkaisu Instagramissa.
Want to build something for tomorrow, join #QtPeople today! We have loads of cool jobs you don't want to miss! http://qt.io/careers #builtwithQt #software #developers #coding #framework #tool #tooling #C++ #QML #engineers #sales #tech #technology #UI #UX #CX #Qt #Qtdev #global #openpositions #careers #job
Henkilön Qt (@theqtcompany) jakama julkaisu