Hi,

Thank you for bringing this to oss-security! As I also communicated privately, as a moderator I had to repair this message's content prior to approving it because the text/plain section was garbled to the point of being unreadable. This is why the delay (message received April 22, approved April 24). However, I did not edit any of the content beyond making it look right in text/plain, so I post this follow-up instead:

On Tue, Apr 22, 2025 at 11:36:46AM +0000, 田世林 wrote:
> A heap buffer overflow vulnerability exists in `QTextMarkdownImporter`.
> When parsing the front matter of a Markdown file, the code assumes that
> more characters (e.g., a newline) will be present in the input after
> finding the closing marker `---`. However, if the input stream ends with
> the `----` delimiter and lacks a trailing newline, calling
> `QStringView::sliced()` will attempt to access characters beyond the end
> of the string, causing the program to crash.

This reads like it's an out-of-bounds read, _not_ a buffer overflow - or if it somehow _is_ a buffer overflow, then the description is lacking. Can we please try and label vulnerabilities correctly? There appears to be a growing trend towards calling OOB reads "buffer overflows". Just this month on oss-security, we saw this for a giflib bug and then for two libxml2 bugs, and now QTextMarkdownImporter is like the fourth with this same kind of mis-labeling in here this month.

Thanks, and sorry for maybe sounding negative - I don't mean to be.

Alexander
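The bug class being discussed above, as an added illustration that is not Qt's code and not the reporter's: a deliberately simplified front-matter scanner (opening `---` line, some lines, closing `---` line) written against std::string_view instead of QStringView, with hypothetical helper names of my own. The "unsafe" variant reproduces the assumption the report describes, computing the body start as one past the closing marker on the premise that a newline always follows it; when the document ends right after the marker that offset is size() + 1. With a checked slice such as std::string_view::substr the request throws std::out_of_range; an unchecked slice would read past the end of the source buffer. Nothing is ever written past any buffer here, which is why the defect is an out-of-bounds read rather than a buffer overflow. The hardened variant only skips the newline when it is actually present, so the slice position is always within range.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <string_view>

// Constructed model of YAML-style front matter (not Qt's grammar):
//   ---\n <lines> \n---   optionally followed by \n and the Markdown body.
constexpr std::string_view kMarker = "---";

// Offset of the closing marker's first character, or npos if there is
// no front matter. The closing marker must start a line and be followed
// by either a newline or the end of the document.
std::size_t closingMarkerOffset(std::string_view doc) {
    if (doc.substr(0, 4) != "---\n") return std::string_view::npos;
    std::size_t nl = doc.find('\n');
    while (nl != std::string_view::npos) {
        std::size_t lineStart = nl + 1;                 // lineStart <= size()
        if (doc.substr(lineStart, kMarker.size()) == kMarker) {
            std::size_t lineEnd = lineStart + kMarker.size();
            if (lineEnd == doc.size() || doc[lineEnd] == '\n') return lineStart;
        }
        nl = doc.find('\n', lineStart);
    }
    return std::string_view::npos;
}

// The slice the parser asks for: a start position against a buffer size.
// A position greater than size() is a request to read past the end.
struct SliceRequest {
    std::size_t pos;
    std::size_t size;
    bool inBounds() const { return pos <= size; }
};

// Unsafe variant: assumes a newline always follows the closing marker and
// blindly skips it (marker end + 1). For "---\nx\n---" with no trailing
// newline this yields size() + 1, an out-of-bounds read with an unchecked
// slice. It only computes the request so the example itself stays defined.
SliceRequest unsafeBodySlice(std::string_view doc) {
    std::size_t m = closingMarkerOffset(doc);
    if (m == std::string_view::npos) return {0, doc.size()};
    return {m + kMarker.size() + 1, doc.size()};
}

// Hardened variant: skip the newline only if one is actually there, so the
// resulting position is always <= size() and the slice is always valid.
std::string_view safeBody(std::string_view doc) {
    std::size_t m = closingMarkerOffset(doc);
    if (m == std::string_view::npos) return doc;     // no front matter: whole doc is body
    std::size_t after = m + kMarker.size();
    if (after < doc.size() && doc[after] == '\n') ++after;
    return doc.substr(after);                       // after <= size() is guaranteed
}

int main() {
    // Constructed inputs: one well-formed, one ending on the closing marker.
    const std::string_view withNewline = "---\ntitle: x\n---\nBody";
    const std::string_view truncated   = "---\ntitle: x\n---";
    for (std::string_view doc : {withNewline, truncated}) {
        SliceRequest r = unsafeBodySlice(doc);
        std::cout << "unsafe slice pos=" << r.pos << " size=" << r.size
                  << (r.inBounds() ? " (ok)" : " (OUT OF BOUNDS READ)") << '\n';
        std::cout << "safe body=\"" << safeBody(doc) << "\"\n";
    }
    return 0;
}
```

The check that matters is the single `after < doc.size()` comparison before skipping the newline; everything else is the same in both variants.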