4 matches found
Security advisory: Loading invalid QML image source impacts Qt
An issue when loading an invalid QML image source has been reported and has been assigned the CVE id CVE-2023-45872. When an invalid source is used to indicate an image to be loaded is specified then it will end up trying to load it as a SVG file which will trigger a crash in Qt SVG. This does no...
Security: Update regarding CVE-2023-43114
A recently reported issue on Windows with the GDI font engine which had been assigned the CVE id CVE-2023-43114 was reported as having been fixed in Qt 6.5.3. Unfortunately, this was incorrect as the patch did not end up in Qt 6.5.3. The patch available at...
Two Qt security advisories: GDI Font Engine & WebP image format
An issue on Windows with the GDI font engine has been reported and has been assigned the CVE id CVE-2023-43114. When corrupt font data is passed to the GDI font engine via QFontDatabase::addApplicationFontFromData then it can trigger a crash in the application. Solution: As a workaround, validate...
Security advisory: QXmlStreamReader
A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-38197. QXmlStreamReader can freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Solution: Apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, ...