Product:

Qt

(Qt)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 18
Date ID Summary Products Score Patch
2020-08-12 CVE-2020-17507 An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. Fedora, Qt N/A
2020-06-09 CVE-2020-13962 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) Mumble, Qt N/A
2020-02-28 CVE-2018-21035 In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). Qt N/A
2012-06-16 CVE-2011-3193 Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Ubuntu_linux, Opensuse, Pango, Qt, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation N/A
2020-01-24 CVE-2015-9541 Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. Fedora, Qt N/A
2020-04-27 CVE-2020-12267 setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. Qt N/A
2019-03-21 CVE-2018-19872 An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Fedora, Leap, Qt 5.5
2017-12-16 CVE-2017-10905 A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. Qt 5.3
2017-10-04 CVE-2017-15011 The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. Qt 7.5
2018-12-26 CVE-2018-19873 An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. Debian_linux, Leap, Qt 9.8