Security advisory: Improper validation of tag size in Text component parser in Qt declarative module impacts Qt

Improper Validation of Specified Quantity in Input vulnerability in Text component parser of the Qt declarative module has been discovered and has been assigned the CVE id CVE-2025-12385 Affected versions: From Qt 5.0.0 to 6.5.10 and from 6.6.0 to 6.8.5 and from 6.9.0 to 6.10.0 Impact: Allocation...

Security advisory: Improper validation of img tag size in Text component parser in Qt declarative module impacts Qt

Improper Validation of Specified Quantity in Input vulnerability in Text component parser of the Qt declarative module has been discovered and has been assigned the CVE id CVE-2025-12385 Affected versions: From Qt 5.0.0 to 6.5.10 and from 6.6.0 to 6.8.5 and from 6.9.0 to 6.10.0 Impact: Allocation...

Security advisory: Uncontrolled Recursion and Use-After-Free vulnerabilities in Qt SVG module impact Qt

Two vulnerabilities in Qt SVG module have been discovered. Uncontrolled recursion vulnerability has been assigned the CVE id CVE-2025-10728. Whereas Use-After-Free vulnerability has been assigned the CVE id CVE-2025-10729. Uncontrolled recursion vulnerability in Qt SVG CVE-2025-10728 Affected...

Security advisory: Recently reported denial of service issue in QColorTransferGenericFunction impacts Qt

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This has been assigned the CVE id CVE-2025-5992. Affected versions: Qt...

Security advisory: Recently reported incomplete cleanup issue in Qt's Schannel handling can impact Qt

There is a "Incomplete Cleanup" problem in Qt’s Schannel handling when it is used to provide a server handling incoming TLS connections. This has been assigned the CVE id CVE-2025-6338. Affected versions: This issue affects only the Schannel functionality on Windows if it is turned on in Qt 5.15...

Security advisory: Recently discovered Use After Free issue in QHttp2ProtocolHandler impacts Qt

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This has been assigned the CVE id CVE-2025-5991. Affected versions: Qt version 6.9.0. This is fixed in 6.9.1. Impact: This only affects HTTP/2 handling, HTTP handling is not affected by this at all...

Security advisory: Recently discovered issue in ICNS image format handling impacts Qt

When loading a specifically crafted ICNS format image file then it will trigger a crash. This has been assigned the CVE id CVE-2025-5683. Affected versions: All versions of Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1. Impact: If...

Security advisory: Recently discovered issue in qDecodeDataUrl() in QtCore impacts Qt

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. This has been assigned the CVE id CVE-2025-5455. Affected versions: All version of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8,...

Security advisory: Improper Link Resolution Before File Access in QFileSystemEngine in the Qt corelib module on Windows impacts Qt

Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows potentially allows Symlink Attacks and the use of Malicious Files. This vulnerability has been discovered and assigned the CVE ID CVE-2025-4211. The issue originates...

Security advisory: A Heap-buffer-overflow issue in QTextMarkdownImporter impacts Qt

A Heap-buffer-overflow issue in QTextMarkdownImporter has been discovered and has been assigned the CVE id CVE-2025-3512. Affected versions: From 6.8.0 up to 6.8.3. Versions before 6.6.0 are known to be unaffected. Impact: Passing an incorrectly formatted markdown file to QTextMarkdownImporter ca...

Qt Group Authorized as a CVE Numbering Authority (CNA) by the CVE Program

Qt Group has been authorized by the Common Vulnerabilities and Exposures CVE® Program as a CVE Numbering Authority CNA, covering all Qt products. It is a significant milestone on Qt’s cybersecurity strategy and aligns with our commitment to robust vulnerability management processes and practices...

Security advisory: A Denial-of-Service type of security issue in Qt XML module impacts Qt

A Denial-of-Service type of security issue in QDom classes of Qt XML module has been discovered and has been assigned the CVE id CVE-2025-30348. Affected versions: Up to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.7.3. Impact: When QDom classes are used to write XML with long text segments,...

Security advisory: A read past the end of the buffer and division by zero security issue in QLowEnergyController on Linux impacts Qt

A read past the end of the buffer and division by zero security issue in QLowEnergyController in the Qt Bluetooth module on Linux has been discovered and has been assigned the CVE id CVE-2025-23050. Affected versions: From Qt 5.4.0 to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.8.1. Impact:...

Security advisory: Recently discovered HTTP2 handling issue impacts Qt

Whenever a TLS connection is started for a server that supports HTTP2 and has sent some data to the application then Qt will send data to the server even if the TLS certificate does not match the address it has been redirected too. This has been assigned the CVE id CVE-2024-39936. This is known t...

Security advisory: OAuth1 in QtNetworkAuth

The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This issue has been assigned the CVE id CVE-2024-36048. This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of...

Security advisory: QStringConverter

QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack and has been assigned the CVE id CVE-2024-33861. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable...

Security advisory: Potential Use-After-Free issue in Qt for WebAssembly’s implementation of QNetworkReply

A recently reported potential Use-After-Free issue in Qt’s wasm implementation of QNetworkReply has been assigned the CVE id CVE-2024-30161. The issue was discovered in Qt versions 6.5.4, 6.5.5, and 6.6.2. QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly if...

Security advisory: Potential Buffer Overflow when reading KTX images

A recently reported potential buffer overflow issue in Qt’s KTX’s image handling has been assigned the CVE id CVE-2024-25580. An issue was discovered in Qt from 5.12.0 through 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. With a specifically crafted KTX ima...

Security advisory: Potential Integer Overflow in Qt's HTTP2 implementation

A recently reported potential integer overflow issue in Qt’s HTTP2 implementation has been assigned the CVE id CVE-2023-51714. An issue was discovered in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. If the HTTP2 implementation receives more then...

Security advisory: Loading invalid QML image source impacts Qt

An issue when loading an invalid QML image source has been reported and has been assigned the CVE id CVE-2023-45872. When an invalid source is used to indicate an image to be loaded is specified then it will end up trying to load it as a SVG file which will trigger a crash in Qt SVG. This does no...

Security: Update regarding CVE-2023-43114

A recently reported issue on Windows with the GDI font engine which had been assigned the CVE id CVE-2023-43114 was reported as having been fixed in Qt 6.5.3. Unfortunately, this was incorrect as the patch did not end up in Qt 6.5.3. The patch available at...

Two Qt security advisories: GDI Font Engine & WebP image format

An issue on Windows with the GDI font engine has been reported and has been assigned the CVE id CVE-2023-43114. When corrupt font data is passed to the GDI font engine via QFontDatabase::addApplicationFontFromData then it can trigger a crash in the application. Solution: As a workaround, validate...

Two Qt security advisorys: GDI Font Engine & WebP image format

An issue on Windows with the GDI font engine has been reported and has been assigned the CVE id CVE-2023-43114. When corrupt font data is passed to the GDI font engine via QFontDatabase::addApplicationFontFromData then it can trigger a crash in the application. Solution: As a workaround, validate...

Security advisory: QXmlStreamReader

A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-38197. QXmlStreamReader can freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Solution: Apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, ...

Security advisory: Qt Network

A recent SSL issue affecting both OpenSSL and Schannel in Qt Network has been reported and has been assigned the CVE id CVE-2023-34410. In some circumstances, system CA certificates list remains unexpectedly active for the authentication of SSL peers. In a case where clients are supposed to be...

Security Advisory: Qt Network

Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not matching directly. Unencrypted connections are susceptible to...

Security advisory: Qt SVG

A recent buffer overflow issue in Qt SVG has been reported and has been assigned the CVE id CVE-2023-32763. This effects all Qt versions up to and including Qt 5.15.14, Qt 6.0.0-6.2.8 and Qt 6.3.0-6.5.0 When a SVG file with an image inside it is rendered, a QTextLayout overflow can be triggered...

Regarding recent reported security vulnerabilities from Cisco Talos

Back in October 2022, the Qt Project Security team was contacted by someone at Cisco Talos to report an issue with integer and buffer overflow issues in QML which they considered a vulnerability in Qt 6.3. This has recently been made public by Cisco Talos here. This has also resulted in two CVEs ...

Security advisory: zlib in Qt

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field and has been assigned the CVE id CVE-2022-37434. As this only affects applications that call inflateGetHeader directly then applications using Qt are not directly...

Security advisory: FreeType in Qt

There have been three vulnerabilities found in FreeType recently and they have been assigned the CVE ids CVE-2022-27404, CVE-2022-27405, CVE-2022-27406. This has been fixed in the latest version of FreeType – v2.12.1 These effects configurations of Qt that have been built against the bundled...

Security advisory: Recently reported zlib compression issue impacts Qt

zlib has recently reported that it has a security issue when deflating which could cause memory corruption if the input has many distant matches. This is reported in a bit more detail here: and has been assigned the CVE id CVE-2018-25032. This has been fixed in an update to zlib 1.2.12 This affec...

Security advisory: Recently reported Chromium "Type confusion" issue impacts Qt WebEngine

Google has recently reported that Chromium has a security issue - Type confusion in the V8 JavaScript engine - which is reported in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop25.html. This has been assigned the CVE id CVE-2022-1096. This...

Security advisory: QLockFile, QAuthenticator, Windows platform plugin

Recently, the Qt Project's security team was made aware of an issue regarding Qt's usage of LoadLibrary in a few locations and determined it to be a security issue on Windows only. Specifically, the problem is connected to when LoadLibrary is used to load a system library, such as opengl.dll as...

Security advisory: QProcess

Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal. Specifically, the...

The Qt Company Products Are Not Affected by CVE-2021-44228 (Log4j vulnerability)

None of The Qt Company products are affected by the Apache Log4j vulnerability CVE-2021-44228. The vulnerable or any other versions of the Apache log4j library are not used in the Qt framework, Qt Creator, Qt Design Studio, Squish, Coco, Test Center, Qt for MCU or in any other products offered by...

Qt 5.12.4 Released with support for OpenSSL 1.1.1

Qt 5.12.4, the fourth patch release of Qt 5.12 LTS, is released today. Qt 5.12.4 release provides a number of bug fixes, as well as performance and other improvements. As an important new item it provides binaries build with OpenSSL 1.1.1, including the new TLS 1.3 functionality. Compared to Qt...

Security for Connected Devices

With this post, I want to continue from earlier discussions on security posted here and here and focus on Connected Devices or the Internet of Things IoT. IoT typically represents a network of physical objects or “things” embedded with electronics, software, sensors, and connectivity to enable...

Qt 5.11.3 Released with Important Security Updates

Qt 5.11.3 is released today. As a patch release it does not add any new functionality, but provides important bug fixes, security updates and other improvements. Compared to Qt 5.11.2, the Qt 5.11.3 release provides fixes for over 100 bugs and it contains around 300 changes in total. For details ...

Security advisory about Qt for Android

Two vulnerabilities have been identified in Qt for Android which could be used by a malicious application to hijack an existing Qt for Android application on the same device. The vulnerabilities in question were found by Satoru Nagaoka from Cyber Defense Institute, Inc., and have been assigned th...

Qt Weekly #26: Protecting your application against hacking

Open-source applications are open by nature, indented and encouraged for tweaking, hacking and further development. For a business critical application or a device there sometimes is desire to make it closed and prevent modifications. Because of the dual licensing, Qt offers a commercial license...

Heartbleed Bug (CVE-2014-0160) and Qt

Although Qt as such is not affected by the Heartbleed Bug CVE-2014-0160 found in OpenSSL, it affects users of Qt, so I wanted to write a short summary about the topic. As defined at : "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakne...