CVE-2022-43591

2023-01-1217:15:09

Debian Security Bug Tracker

security-tracker.debian.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.3%

JSON

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

OSVersionArchitecturePackageVersionFilename
Debian12allqt6-declarative< 6.4.2+dfsg~rc1-2qt6-declarative_6.4.2+dfsg~rc1-2_all.deb
Debian999allqt6-declarative< 6.4.2+dfsg~rc1-2qt6-declarative_6.4.2+dfsg~rc1-2_all.deb
Debian13allqt6-declarative< 6.4.2+dfsg~rc1-2qt6-declarative_6.4.2+dfsg~rc1-2_all.deb
Debian12allqtdeclarative-opensource-src<= 5.15.8+dfsg-3qtdeclarative-opensource-src_5.15.8+dfsg-3_all.deb
Debian11allqtdeclarative-opensource-src<= 5.15.2+dfsg-6qtdeclarative-opensource-src_5.15.2+dfsg-6_all.deb
Debian10allqtdeclarative-opensource-src<= 5.11.3-4qtdeclarative-opensource-src_5.11.3-4_all.deb
Debian999allqtdeclarative-opensource-src<= 5.15.13+dfsg-2qtdeclarative-opensource-src_5.15.13+dfsg-2_all.deb
Debian13allqtdeclarative-opensource-src<= 5.15.13+dfsg-2qtdeclarative-opensource-src_5.15.13+dfsg-2_all.deb
Debian12allqtdeclarative-opensource-src-gles<= 5.15.8+dfsg-1qtdeclarative-opensource-src-gles_5.15.8+dfsg-1_all.deb
Debian11allqtdeclarative-opensource-src-gles<= 5.15.2+dfsg-2qtdeclarative-opensource-src-gles_5.15.2+dfsg-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	qt6-declarative	< 6.4.2+dfsg~rc1-2	qt6-declarative_6.4.2+dfsg~rc1-2_all.deb
Debian	999	all	qt6-declarative	< 6.4.2+dfsg~rc1-2	qt6-declarative_6.4.2+dfsg~rc1-2_all.deb
Debian	13	all	qt6-declarative	< 6.4.2+dfsg~rc1-2	qt6-declarative_6.4.2+dfsg~rc1-2_all.deb
Debian	12	all	qtdeclarative-opensource-src	<= 5.15.8+dfsg-3	qtdeclarative-opensource-src_5.15.8+dfsg-3_all.deb
Debian	11	all	qtdeclarative-opensource-src	<= 5.15.2+dfsg-6	qtdeclarative-opensource-src_5.15.2+dfsg-6_all.deb
Debian	10	all	qtdeclarative-opensource-src	<= 5.11.3-4	qtdeclarative-opensource-src_5.11.3-4_all.deb
Debian	999	all	qtdeclarative-opensource-src	<= 5.15.13+dfsg-2	qtdeclarative-opensource-src_5.15.13+dfsg-2_all.deb
Debian	13	all	qtdeclarative-opensource-src	<= 5.15.13+dfsg-2	qtdeclarative-opensource-src_5.15.13+dfsg-2_all.deb
Debian	12	all	qtdeclarative-opensource-src-gles	<= 5.15.8+dfsg-1	qtdeclarative-opensource-src-gles_5.15.8+dfsg-1_all.deb
Debian	11	all	qtdeclarative-opensource-src-gles	<= 5.15.2+dfsg-2	qtdeclarative-opensource-src-gles_5.15.2+dfsg-2_all.deb