Search CVE reports
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
2 affected packages
qtbase-opensource-src-gles, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src-gles | — | Not affected | Not affected | Not in release |
qtbase-opensource-src | — | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570...
2 affected packages
qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | — | — | Not affected | Not affected |
qtbase-opensource-src-gles | — | — | Not affected | Not in release |
Some fixes available: 1 of 6
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
2 affected packages
qt4-x11, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Vulnerable |
qtbase-opensource-src | Not affected | Not affected | Vulnerable | Fixed |
Some fixes available: 16 of 17
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 affected packages
chromium-browser, godot, graphicsmagick, musescore, openjdk-13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not in release | Fixed |
godot | Not affected | Not affected | Not affected | Not in release |
graphicsmagick | Not affected | Not affected | Not affected | Not affected |
musescore | Not in release | Not in release | Not affected | Not affected |
openjdk-13 | Not in release | Not in release | Not affected | Not in release |
texmaker | Not affected | Not affected | Not affected | Not affected |
android | Not in release | Not in release | Not in release | Not in release |
firefox | Not affected | Not affected | Not in release | Not affected |
freetype | Fixed | Fixed | Fixed | Fixed |
openjdk-lts | Not affected | Not affected | Not affected | Not affected |
openjdk-15 | Not in release | Not in release | Not in release | Not in release |
oxide-qt | Not in release | Not in release | Not in release | Not in release |
paraview | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not in release | Not affected |
openjdk-12 | Not in release | Not in release | Not in release | Not in release |
qtbase-opensource-src-gles | Not affected | Not affected | Not affected | Not in release |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions,...
1 affected package
qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | Not affected | Not affected | Vulnerable | Not affected |
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
2 affected packages
qt4-x11, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | — | — | Not in release | Not affected |
qtbase-opensource-src | — | — | Not affected | Not affected |
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
1 affected package
qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | — | — | — | Not affected |
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
1 affected package
qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | — | — | — | Fixed |
Some fixes available: 1 of 2
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file...
1 affected package
qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | — | — | — | Not affected |
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
1 affected package
qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtbase-opensource-src | — | — | — | Fixed |