Message-ID: <tencent_11C8C35C2CF529292F8447A8@qq.com>
Date: Tue, 22 Apr 2025 11:36:46 +0000
From: "田世林" <tianshilin@...pin.org>
To: "oss-security" <oss-security@...ts.openwall.com>
Subject: CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow

A heap buffer overflow vulnerability exists in `QTextMarkdownImporter`.
When parsing the front matter of a Markdown file, the code assumes that
more characters (e.g., a newline) will be present in the input after
finding the closing marker `---`. However, if the input stream ends with
the `----` delimiter and lacks a trailing newline, calling
`QStringView::sliced()` will attempt to access characters beyond the end
of the string, causing the program to crash.

Causes of the vulnerability:

1. Insufficient boundary checks: The case where the delimiter appears at
the end of the input was not handled correctly.
2. Overly permissive marker requirements: Allowing unexpected whitespace
or other formatting errors led to issues in the parsing logic.

   Affected versions: 6.8.0 to 6.8.3
   Unaffected versions: Versions prior to 6.6.0

   Fix patch: https://codereview.qt-project.org/c/qt/qtbase/+/635546
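The failure mode described above (input that ends exactly at the closing front-matter delimiter, with no trailing newline, followed by an unchecked slice) is straightforward to avoid if every slice offset is compared against the input length first. The parser below is an added example written for this post, not the Qt project's code and not the fix referenced above; it uses `std::string_view` in place of `QStringView` and the struct and function names are hypothetical. It accepts only an exact `---` line as the marker (an optional trailing carriage return is tolerated), which addresses the second cause listed in the post, and it returns the empty body rather than reading past the end when the closing `---` is the last thing in the input.

```cpp
#include <cstddef>
#include <optional>
#include <string_view>

// Added example, not Qt code. Result of front-matter extraction: the block
// between the two delimiter lines and the remaining Markdown body.
struct FrontMatter {
    std::string_view block;   // text between the opening and closing "---" lines
    std::string_view body;    // everything after the closing delimiter line
};

// A delimiter line is exactly "---"; a trailing '\r' (CRLF input) is tolerated,
// but leading/trailing spaces or a longer run of dashes are not accepted.
static bool isDelimiterLine(std::string_view line) {
    if (!line.empty() && line.back() == '\r')
        line.remove_suffix(1);
    return line == "---";
}

// Parses a Markdown front-matter block. Returns std::nullopt when the input has
// no well-formed front matter. Every substr() offset is derived from a position
// already known to be <= md.size(), so an input that stops right after the
// closing "---" (no newline) yields an empty body instead of an out-of-range read.
std::optional<FrontMatter> parseFrontMatter(std::string_view md) {
    // The opening delimiter must be the very first line, and something must follow it.
    std::size_t eol = md.find('\n');
    if (eol == std::string_view::npos)
        return std::nullopt;                  // "---" alone is not front matter
    if (!isDelimiterLine(md.substr(0, eol)))
        return std::nullopt;

    std::size_t pos = eol + 1;                // start of the block content (<= md.size())
    const std::size_t blockStart = pos;
    while (pos <= md.size()) {
        std::size_t next = md.find('\n', pos);
        std::size_t lineEnd = (next == std::string_view::npos) ? md.size() : next;
        std::string_view line = md.substr(pos, lineEnd - pos);
        if (isDelimiterLine(line)) {
            std::string_view block = md.substr(blockStart, pos - blockStart);
            // The closing delimiter may be the last thing in the input: only
            // step over a newline if one is actually there.
            std::size_t bodyStart = (next == std::string_view::npos) ? md.size() : next + 1;
            return FrontMatter{block, md.substr(bodyStart)};
        }
        if (next == std::string_view::npos)
            break;                            // input ended without a closing delimiter
        pos = next + 1;
    }
    return std::nullopt;
}
```

The edge case from the advisory is the input `"---\ntitle: x\n---"`: the last line is the delimiter, `next` is `npos`, and `bodyStart` is clamped to `md.size()` so the body slice is empty rather than past the end.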
