Search CVE reports
11 – 20 of 43 results
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
2 affected packages
qt6-base, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored |
qtbase-opensource-src | Not affected | Vulnerable | Vulnerable | Vulnerable |
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored |
qtbase-opensource-src | Not affected | Vulnerable | Vulnerable | Vulnerable |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored |
qtbase-opensource-src | Not affected | Vulnerable | Vulnerable | Vulnerable |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
2 affected packages
qt6-base, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release |
qtbase-opensource-src | Not affected | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
3 affected packages
qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release |
qtbase-opensource-src | Not affected | Vulnerable | Vulnerable | Vulnerable |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established,...
3 affected packages
qtbase-opensource-src, qtbase-opensource-src-gles, qt6-base
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | Not affected | Vulnerable | Vulnerable | Vulnerable |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release |
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
3 affected packages
qtbase-opensource-src-gles, qt6-base, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Not in release |
qtbase-opensource-src | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
2 affected packages
qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src-gles | Not affected | Not affected | Not affected | — |
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
2 affected packages
qt6-base, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt6-base | Needs evaluation | Needs evaluation | — | — |
qtbase-opensource-src | Not affected | Not affected | Vulnerable | Not affected |
Some fixes available 2 of 15
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
2 affected packages
qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | Not affected | Not affected | Fixed | Fixed |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |