SUSE update for libqt5-qt3d

Published: 2024-09-02

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-40724
CWE-ID	CWE-122
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Desktop Applications Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system libqt5-qt3d-private-headers-devel Operating systems & Components / Operating system package or component libQt53DRender5-debuginfo Operating systems & Components / Operating system package or component libQt53DQuickAnimation5-debuginfo Operating systems & Components / Operating system package or component libQt53DLogic5 Operating systems & Components / Operating system package or component libQt53DLogic-devel Operating systems & Components / Operating system package or component libQt53DQuickRender5-debuginfo Operating systems & Components / Operating system package or component libQt53DQuickExtras5 Operating systems & Components / Operating system package or component libQt53DInput5-debuginfo Operating systems & Components / Operating system package or component libqt5-qt3d-debugsource Operating systems & Components / Operating system package or component libQt53DCore5-debuginfo Operating systems & Components / Operating system package or component libQt53DCore-devel Operating systems & Components / Operating system package or component libqt5-qt3d-debuginfo Operating systems & Components / Operating system package or component libQt53DQuickScene2D-devel Operating systems & Components / Operating system package or component libQt53DExtras5 Operating systems & Components / Operating system package or component libQt53DQuick5 Operating systems & Components / Operating system package or component libqt5-qt3d-imports Operating systems & Components / Operating system package or component libQt53DQuickRender-devel Operating systems & Components / Operating system package or component libQt53DQuickExtras-devel Operating systems & Components / Operating system package or component libQt53DQuickInput-devel Operating systems & Components / Operating system package or component libqt5-qt3d-imports-debuginfo Operating systems & Components / Operating system package or component libQt53DQuick5-debuginfo Operating systems & Components / Operating system package or component libQt53DQuickRender5 Operating systems & Components / Operating system package or component libQt53DQuickScene2D5 Operating systems & Components / Operating system package or component libQt53DQuickExtras5-debuginfo Operating systems & Components / Operating system package or component libQt53DExtras-devel Operating systems & Components / Operating system package or component libQt53DInput5 Operating systems & Components / Operating system package or component libQt53DQuickAnimation5 Operating systems & Components / Operating system package or component libQt53DQuick-devel Operating systems & Components / Operating system package or component libqt5-qt3d-tools Operating systems & Components / Operating system package or component libQt53DQuickInput5-debuginfo Operating systems & Components / Operating system package or component libQt53DAnimation5 Operating systems & Components / Operating system package or component libQt53DExtras5-debuginfo Operating systems & Components / Operating system package or component libQt53DAnimation5-debuginfo Operating systems & Components / Operating system package or component libqt5-qt3d-examples-debuginfo Operating systems & Components / Operating system package or component libQt53DRender5 Operating systems & Components / Operating system package or component libqt5-qt3d-devel Operating systems & Components / Operating system package or component libQt53DInput-devel Operating systems & Components / Operating system package or component libQt53DAnimation-devel Operating systems & Components / Operating system package or component libQt53DRender-devel Operating systems & Components / Operating system package or component libQt53DQuickInput5 Operating systems & Components / Operating system package or component libQt53DCore5 Operating systems & Components / Operating system package or component libQt53DLogic5-debuginfo Operating systems & Components / Operating system package or component libqt5-qt3d-examples Operating systems & Components / Operating system package or component libQt53DQuickAnimation-devel Operating systems & Components / Operating system package or component libQt53DQuickScene2D5-debuginfo Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Heap-based buffer overflow

EUVDB-ID: #VU94525

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40724

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package libqt5-qt3d to the latest version.

Vulnerable software versions

Desktop Applications Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

libqt5-qt3d-private-headers-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DRender5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickAnimation5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DLogic5: before 5.15.8+kde0-150500.3.3.1

libQt53DLogic-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickRender5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickExtras5: before 5.15.8+kde0-150500.3.3.1

libQt53DInput5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libqt5-qt3d-debugsource: before 5.15.8+kde0-150500.3.3.1

libQt53DCore5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DCore-devel: before 5.15.8+kde0-150500.3.3.1

libqt5-qt3d-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickScene2D-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DExtras5: before 5.15.8+kde0-150500.3.3.1

libQt53DQuick5: before 5.15.8+kde0-150500.3.3.1

libqt5-qt3d-imports: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickRender-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickExtras-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickInput-devel: before 5.15.8+kde0-150500.3.3.1

libqt5-qt3d-imports-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DQuick5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickRender5: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickScene2D5: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickExtras5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DExtras-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DInput5: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickAnimation5: before 5.15.8+kde0-150500.3.3.1

libQt53DQuick-devel: before 5.15.8+kde0-150500.3.3.1

libqt5-qt3d-tools: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickInput5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DAnimation5: before 5.15.8+kde0-150500.3.3.1

libQt53DExtras5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DAnimation5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libqt5-qt3d-examples-debuginfo: before 5.15.8+kde0-150500.3.3.1

libQt53DRender5: before 5.15.8+kde0-150500.3.3.1

libqt5-qt3d-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DInput-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DAnimation-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DRender-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickInput5: before 5.15.8+kde0-150500.3.3.1

libQt53DCore5: before 5.15.8+kde0-150500.3.3.1

libQt53DLogic5-debuginfo: before 5.15.8+kde0-150500.3.3.1

libqt5-qt3d-examples: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickAnimation-devel: before 5.15.8+kde0-150500.3.3.1

libQt53DQuickScene2D5-debuginfo: before 5.15.8+kde0-150500.3.3.1

CPE2.3

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243079-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.