Filtered by vendor Qt
Subscribe
Total
54 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33285 | 1 Qt | 1 Qt | 2024-05-01 | N/A | 5.3 MEDIUM |
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. | |||||
CVE-2023-32763 | 1 Qt | 1 Qt | 2024-05-01 | N/A | 7.5 HIGH |
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. | |||||
CVE-2023-24607 | 1 Qt | 1 Qt | 2024-05-01 | N/A | 7.5 HIGH |
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. | |||||
CVE-2021-28025 | 1 Qt | 1 Qt | 2024-02-05 | N/A | 5.5 MEDIUM |
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). | |||||
CVE-2023-32573 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-02-04 | N/A | 6.5 MEDIUM |
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | |||||
CVE-2023-34410 | 1 Qt | 1 Qt | 2024-02-04 | N/A | 5.3 MEDIUM |
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | |||||
CVE-2021-3481 | 1 Qt | 1 Qt | 2024-02-04 | N/A | 7.1 HIGH |
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. | |||||
CVE-2022-25634 | 1 Qt | 1 Qt | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. | |||||
CVE-2022-25255 | 3 Linux, Opengroup, Qt | 3 Linux Kernel, Unix, Qt | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | |||||
CVE-2021-45930 | 3 Debian, Fedoraproject, Qt | 3 Debian Linux, Fedora, Qtsvg | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). | |||||
CVE-2020-24742 | 1 Qt | 1 Qt | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | |||||
CVE-2020-0569 | 5 Canonical, Debian, Intel and 2 more | 26 Ubuntu Linux, Debian Linux, 7265 and 23 more | 2024-02-04 | 2.7 LOW | 5.7 MEDIUM |
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2020-12267 | 1 Qt | 1 Qt | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. | |||||
CVE-2020-13962 | 4 Fedoraproject, Mumble, Opensuse and 1 more | 4 Fedora, Mumble, Leap and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) | |||||
CVE-2020-17507 | 3 Debian, Fedoraproject, Qt | 3 Debian Linux, Fedora, Qt | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | |||||
CVE-2020-0570 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | |||||
CVE-2019-18281 | 2 Debian, Qt | 2 Debian Linux, Qtbase | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. | |||||
CVE-2015-9541 | 2 Fedoraproject, Qt | 2 Fedora, Qt | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | |||||
CVE-2018-21035 | 1 Qt | 1 Qt | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | |||||
CVE-2018-19872 | 3 Fedoraproject, Opensuse, Qt | 3 Fedora, Leap, Qt | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. |