Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : QT WebEngine vulnerability (USN-8347-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8347-1 advisory. It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF...

USN-8347-1: QT WebEngine vulnerability

It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

USN-8347-1 qtwebengine-opensource-src vulnerability

It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

[SECURITY] Fedora 44 Update: qt6-qtwebengine-6.10.3-1.fc44

Qt6 - QtWebEngine components...

[SECURITY] Fedora 42 Update: qt5-qtwebengine-5.15.19-2.fc42

Qt5 - QtWebEngine components...

Fedora 42 : deepin-qt5integration / deepin-qt5platform-plugins / dtkcore / etc (2025-976ccd79ae)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-976ccd79ae advisory. Qt 5.15.18 bugfix release. ---- Qt5 WebEngine update to 5.15.19. Tenable has extracted the preceding description block directly from the Fedora security...

FreeBSD : qt6-webengine -- Multiple vulnerabilities (c27c05a7-a0c8-11f0-8471-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c27c05a7-a0c8-11f0-8471-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2015-1290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service...

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 11 security bugs in Chromium: CVE-2024-11477: 7-Zip Zstd decompression integer underflow CVE-2025-0762: Use after free in DevTools CVE-2025-0996: Inappropriate implementation in Browser UI CVE-2025-0998: Out of bounds memory access in V8...

qt5-webengine -- Use after free in Compositing

Qt qtwebengine-chromium repo reports: Backports for 1 security bug in Chromium: CVE-2024-12694: Use after free in Compositing...

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 5 security bugs in Chromium: CVE-2024-11110: Inappropriate implementation in Blink CVE-2024-11112: Use after free in Media CVE-2024-11114: Inappropriate implementation in Views CVE-2024-11116: Inappropriate implementation in Paint CVE-2024-11117...

Qt WebEngine: Multiple vulnerabilities

Background Library for rendering dynamic web content in Qt5 C++ and QML applications. Description Multiple vulnerabilities have been discovered in Qt WebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

GLSA-202101-30 : Qt WebEngine: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202101-30 Qt WebEngine: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Qt WebEngine. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers...

GLSA-202004-04 : Qt WebEngine: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-202004-04 Qt WebEngine: Arbitrary code execution A use-after-free vulnerability has been found in the audio component of Qt WebEngine. Impact : A remote attacker could entice a user to open a specially crafted media file in an...

Qt WebEngine: Arbitrary code execution

Background Library for rendering dynamic web content in Qt5 C++ and QML applications. Description A use-after-free vulnerability has been found in the audio component of Qt WebEngine. Impact A remote attacker could entice a user to open a specially crafted media file in an application linked...

UBUNTU-CVE-2015-1290

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service memory corruption or execute arbitrary code via a crafted web site...