Lucene search: Qt

14 matches found

added 2020/06/09 12:15 a.m. | 354 views

CVE-2020-13962

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mu...

CVSS 7.5 | AI score 7.1 | EPSS 0.0111

added 2021/08/12 2:15 a.m. | 249 views

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

CVSS 7.5 | AI score 7.4 | EPSS 0.00935

added 2020/09/14 7:15 p.m. | 219 views

CVE-2020-0570

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

CVSS 7.3 | AI score 6.9 | EPSS 0.00241

added 2020/01/24 10:15 p.m. | 194 views

CVE-2015-9541

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

CVSS 7.5 | AI score 6.9 | EPSS 0.00852

added 2022/08/22 3:15 p.m. | 146 views

CVE-2021-3481

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat ...

CVSS 7.1 | AI score 6.5 | EPSS 0.00035

added 2022/02/16 7:15 p.m. | 136 views

CVE-2022-25255

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.

CVSS 7.8 | AI score 7.3 | EPSS 0.00053

added 2023/05/28 11:15 p.m. | 134 views

CVE-2023-32763

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

CVSS 7.5 | AI score 7.6 | EPSS 0.00086

added 2018/12/05 11:29 a.m. | 120 views

CVE-2018-19865

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

CVSS 7.5 | AI score 7.4 | EPSS 0.00813

added 2023/08/20 7:15 a.m. | 112 views

CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

CVSS 7.5 | AI score 7.2 | EPSS 0.00261

added 2023/04/15 1:15 a.m. | 107 views

CVE-2023-24607

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.

CVSS 7.5 | AI score 7.3 | EPSS 0.00426

added 2022/03/02 3:15 p.m. | 106 views

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

CVSS 7.5 | AI score 7.4 | EPSS 0.01674

added 2023/07/13 2:15 a.m. | 86 views

CVE-2023-38197

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

CVSS 7.5 | AI score 7.3 | EPSS 0.00053

added 2021/08/09 10:15 p.m. | 81 views

CVE-2020-24742

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

CVSS 7.8 | AI score 7.7 | EPSS 0.00569

added 2017/10/04 1:29 a.m. | 47 views

CVE-2017-15011

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.

CVSS 7.5 | AI score 7.4 | EPSS 0.00578