Andy ShawQT:6F23274C650B1B7F1183AA0126F59A24Security: Update regarding CVE-2023-43114
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
12.0%
A recently reported issue on Windows with the GDI font engine which had been assigned the CVE id CVE-2023-43114 was reported as having been fixed in Qt 6.5.3. Unfortunately, this was incorrect as the patch did not end up in Qt 6.5.3. The patch available at https://download.qt.io/official_releases/qt/6.5/CVE-2023-43114-6.5.patch can be used on top of Qt 6.5.3. It has been integrated into the Qt 6.5.4 version already so this release will include the patch.
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
12.0%