Search CVE reports


1 – 10 of 37 results


CVE-2024-39936

Medium priority
Needs evaluation

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute...

1 affected package

qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-25580

Medium priority
Needs evaluation

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release Not in release Not in release
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Not in release Needs evaluation

CVE-2024-30161

Medium priority
Needs evaluation

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-51714

Medium priority
Needs evaluation

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release Ignored Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2023-43114

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then...

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Needs evaluation Needs evaluation
qt6-base Needs evaluation Needs evaluation Not in release Ignored Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2023-37369

Medium priority
Needs evaluation

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Needs evaluation Needs evaluation
qt6-base Needs evaluation Needs evaluation Not in release Ignored Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2023-38197

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

2 affected packages

qt6-base, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release Ignored Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-34410

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Needs evaluation Needs evaluation
qt6-base Needs evaluation Needs evaluation Not in release Ignored Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation

CVE-2023-32763

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release Not in release Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Not in release Needs evaluation

CVE-2023-32762

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established,...

3 affected packages

qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-base Needs evaluation Needs evaluation Not in release Not in release Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Not in release Needs evaluation