Qt

59 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.09%
  • Published 21.03.2025 00:00:00
  • Last modified 24.03.2025 14:08:36

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

  • EPSS 0.11%
  • Published 09.10.2024 06:15:13
  • Last modified 12.11.2024 21:35:13

An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash...

  • EPSS 0.15%
  • Published 04.07.2024 21:15:10
  • Last modified 19.03.2025 20:15:18

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because ...

  • EPSS 0.23%
  • Published 18.05.2024 21:15:47
  • Last modified 30.06.2025 15:21:31

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

  • EPSS 0.02%
  • Published 27.03.2024 05:15:47
  • Last modified 21.11.2024 08:27:39

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomal...

  • EPSS 0.07%
  • Published 27.03.2024 03:15:12
  • Last modified 30.06.2025 12:17:16

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

  • EPSS 0.08%
  • Published 24.03.2024 01:15:45
  • Last modified 30.06.2025 12:15:59

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

  • EPSS 0.14%
  • Published 24.12.2023 21:15:25
  • Last modified 20.03.2025 21:31:13

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

  • EPSS 0.07%
  • Published 18.09.2023 07:15:38
  • Last modified 21.11.2024 08:23:42

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then it can cause the app...

Exploit
  • EPSS 0.28%
  • Published 20.08.2023 07:15:08
  • Last modified 21.11.2024 08:11:35

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.