Qt

Qt

59 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-30348

  • EPSS 0.09%
  • Published 21.03.2025 00:00:00
  • Last modified 24.03.2025 14:08:36

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

6.5

CVE-2023-45872

  • EPSS 0.11%
  • Published 09.10.2024 06:15:13
  • Last modified 12.11.2024 21:35:13

An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash...

5.9

CVE-2024-39936

  • EPSS 0.15%
  • Published 04.07.2024 21:15:10
  • Last modified 19.03.2025 20:15:18

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because ...

9.8

CVE-2024-36048

  • EPSS 0.17%
  • Published 18.05.2024 21:15:47
  • Last modified 30.06.2025 15:21:31

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

4.2

CVE-2023-45935

  • EPSS 0.02%
  • Published 27.03.2024 05:15:47
  • Last modified 21.11.2024 08:27:39

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomal...

6.2

CVE-2024-25580

  • EPSS 0.07%
  • Published 27.03.2024 03:15:12
  • Last modified 30.06.2025 12:17:16

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

6.5

CVE-2024-30161

  • EPSS 0.08%
  • Published 24.03.2024 01:15:45
  • Last modified 30.06.2025 12:15:59

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

9.8

CVE-2023-51714

  • EPSS 0.14%
  • Published 24.12.2023 21:15:25
  • Last modified 20.03.2025 21:31:13

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

5.5

CVE-2023-43114

  • EPSS 0.07%
  • Published 18.09.2023 07:15:38
  • Last modified 21.11.2024 08:23:42

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the app...

7.5

CVE-2023-37369

Exploit
  • EPSS 0.28%
  • Published 20.08.2023 07:15:08
  • Last modified 21.11.2024 08:11:35

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.