Product:

Qt

(Qt)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 56
Date Id Summary Products Score Patch Annotated
2019-03-21 CVE-2018-19872 An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Fedora, Leap, Qt 5.5
2020-01-24 CVE-2015-9541 Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. Fedora, Qt 7.5
2020-11-23 CVE-2020-0569 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Ubuntu_linux, Debian_linux, 7265_firmware, Ac_3165_firmware, Ac_3168_firmware, Ac_8260_firmware, Ac_8265_firmware, Ac_9260_firmware, Ac_9461_firmware, Ac_9462_firmware, Ac_9560_firmware, Ax200_firmware, Ax201_firmware, Leap, Qt 5.7
2013-02-24 CVE-2012-6093 The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. Ubuntu_linux, Opensuse, Qt N/A
2013-12-23 CVE-2013-4549 QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. Qt, Qt N/A
2020-04-27 CVE-2020-12267 setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. Qt 9.8
2020-09-14 CVE-2020-0570 Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Qt, Enterprise_linux 7.3
2012-06-16 CVE-2011-3193 Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Ubuntu_linux, Pango, Opensuse, Qt, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation N/A
2010-07-02 CVE-2010-2621 The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. Qt, Qt N/A
2012-06-16 CVE-2011-3194 Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. Qt N/A