FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qt6-base (core module) -- Invalid pointer in QStringConverter

Affected packages
6.5.0 <= qt6-base <= 6.5.5
6.6.0 <= qt6-base < 6.7.0

Details

VuXML ID e79cc4e2-12d7-11ef-83d8-4ccc6adda413
Discovery 2024-05-02
Entry 2024-05-15

Andy Shaw reports:

QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable.

This requires:

  1. the attacker be able to tell the application a specific codec to use
  2. the attacker be able to feed the application data in a specific way to cause the desired modification
  3. the attacker what in the stack will get modified, which requires knowing the build of the application (and not all builds will be vulnerable)
  4. the modification do anything in particular that is useful to the attacker, besides maybe crashing the application

Qt does not automatically use any of those codecs, so this needs the application to implement something using QStringDecoder to be vulnerable.

References

CVE Name CVE-2024-33861
URL https://www.qt.io/blog/security-advisory-qstringconverter