Search CVE reports
1 – 10 of 14 results
CVE-2023-45935
Medium priority
** DISPUTED ** Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to...
1 affected package
qt6-base
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt6-base | Not affected | Not affected | Not in release | — | — |
CVE-2024-25580
Medium priority
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |
CVE-2024-30161
Medium priority
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | — | — |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | — | Needs evaluation |
CVE-2023-51714
Medium priority
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
CVE-2023-43114
Medium priority
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then...
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
CVE-2023-37369
Medium priority
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
CVE-2023-38197
Medium priority
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
2 affected packages
qt6-base, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-34410
Medium priority
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
CVE-2023-32763
Medium priority
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |
CVE-2023-32762
Medium priority
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established,...
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |