CVE-2025-23050
- EPSS 0.01%
- Published 31.10.2025 00:00:00
- Last modified 04.11.2025 15:41:56
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.
CVE-2025-5683
- EPSS 0.03%
- Published 05.06.2025 05:31:13
- Last modified 15.10.2025 17:06:22
Loading a specifically crafted ICNS format image file in QImage triggers a crash. This issue affects Qt versions 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
CVE-2025-30348
- EPSS 0.13%
- Published 21.03.2025 00:00:00
- Last modified 24.03.2025 14:08:36
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
CVE-2023-45872
- EPSS 0.11%
- Published 09.10.2024 06:15:13
- Last modified 12.11.2024 21:35:13
An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash...
CVE-2024-39936
- EPSS 0.21%
- Published 04.07.2024 21:15:10
- Last modified 29.11.2025 13:15:45
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because ...
CVE-2024-36048
- EPSS 0.48%
- Published 18.05.2024 21:15:47
- Last modified 04.11.2025 22:16:01
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
CVE-2023-45935
- EPSS 0.02%
- Published 27.03.2024 05:15:47
- Last modified 04.11.2025 19:16:02
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomal...
CVE-2024-25580
- EPSS 0.07%
- Published 27.03.2024 03:15:12
- Last modified 04.11.2025 19:17:00
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
CVE-2024-30161
- EPSS 0.08%
- Published 24.03.2024 01:15:45
- Last modified 30.06.2025 12:15:59
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
CVE-2023-51714
- EPSS 0.14%
- Published 24.12.2023 21:15:25
- Last modified 20.03.2025 21:31:13
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.