Vulnerabilities (CVE)

Filtered by vendor Qt Subscribe
Total 54 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33285 1 Qt 1 Qt 2024-05-01 N/A 5.3 MEDIUM
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
CVE-2023-32763 1 Qt 1 Qt 2024-05-01 N/A 7.5 HIGH
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CVE-2023-24607 1 Qt 1 Qt 2024-05-01 N/A 7.5 HIGH
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
CVE-2021-28025 1 Qt 1 Qt 2024-02-05 N/A 5.5 MEDIUM
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
CVE-2023-32573 2 Qt, Redhat 2 Qt, Enterprise Linux 2024-02-04 N/A 6.5 MEDIUM
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVE-2023-34410 1 Qt 1 Qt 2024-02-04 N/A 5.3 MEDIUM
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVE-2021-3481 1 Qt 1 Qt 2024-02-04 N/A 7.1 HIGH
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
CVE-2022-25634 1 Qt 1 Qt 2024-02-04 5.0 MEDIUM 7.5 HIGH
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CVE-2022-25255 3 Linux, Opengroup, Qt 3 Linux Kernel, Unix, Qt 2024-02-04 7.2 HIGH 7.8 HIGH
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
CVE-2021-45930 3 Debian, Fedoraproject, Qt 3 Debian Linux, Fedora, Qtsvg 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
CVE-2020-24742 1 Qt 1 Qt 2024-02-04 6.8 MEDIUM 7.8 HIGH
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
CVE-2020-0569 5 Canonical, Debian, Intel and 2 more 26 Ubuntu Linux, Debian Linux, 7265 and 23 more 2024-02-04 2.7 LOW 5.7 MEDIUM
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-12267 1 Qt 1 Qt 2024-02-04 7.5 HIGH 9.8 CRITICAL
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
CVE-2020-13962 4 Fedoraproject, Mumble, Opensuse and 1 more 4 Fedora, Mumble, Leap and 1 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
CVE-2020-17507 3 Debian, Fedoraproject, Qt 3 Debian Linux, Fedora, Qt 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CVE-2020-0570 2 Qt, Redhat 2 Qt, Enterprise Linux 2024-02-04 4.4 MEDIUM 7.3 HIGH
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVE-2019-18281 2 Debian, Qt 2 Debian Linux, Qtbase 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
CVE-2015-9541 2 Fedoraproject, Qt 2 Fedora, Qt 2024-02-04 5.0 MEDIUM 7.5 HIGH
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVE-2018-21035 1 Qt 1 Qt 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVE-2018-19872 3 Fedoraproject, Opensuse, Qt 3 Fedora, Leap, Qt 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.