Search CVE reports
1 – 10 of 43 results
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling; HTTP handling is not affected by this at all. This happens due to a race condition between how...
3 affected packages
qt6-base, qtbase-opensource-src-gles, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | — | — |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | — |
qtbase-opensource-src | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL...
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | — |
qtbase-opensource-src | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | — |
Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from...
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | — |
qtbase-opensource-src | Ignored | Ignored | Ignored | Ignored |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | — |
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow. This issue affects Qt from 6.8.0 to...
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | — |
qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | — |
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | — |
qtbase-opensource-src | Ignored | Ignored | Ignored | Ignored |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | — |
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute...
1 affected package
qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | Vulnerable | Vulnerable | Vulnerable | Not affected |
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
3 affected packages
qt6-base, qtbase-opensource-src-gles, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | — |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | — |
qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected |
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release |
qtbase-opensource-src | Vulnerable | Vulnerable | Vulnerable | Not affected |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Not affected | Vulnerable | Not in release | Ignored |
qtbase-opensource-src | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
qtbase-opensource-src-gles | Not affected | Needs evaluation | Needs evaluation | Ignored |
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then...
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored |
qtbase-opensource-src | Ignored | Ignored | Ignored | Ignored |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |