Search CVE reports


1 – 10 of 13 results


CVE-2024-25580

Medium priority
Needs evaluation

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |

CVE-2024-30161

Medium priority
Needs evaluation

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-51714

Medium priority
Needs evaluation

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |

CVE-2023-43114

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then...

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |

CVE-2023-37369

Medium priority
Needs evaluation

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |

CVE-2023-34410

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |

CVE-2023-32763

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |

CVE-2023-32762

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established,...

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |

CVE-2023-24607

Low priority
Vulnerable

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
| qtbase-opensource-src | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |

CVE-2022-25634

Medium priority
Vulnerable

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

2 affected packages

qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qtbase-opensource-src Not affected Not affected Not affected Not affected Not affected
qtbase-opensource-src-gles Not affected Not affected Not affected Vulnerable