Product: Qt (Qt)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 52
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-09-02 | CVE-2009-2700 | src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | Qt | N/A | | |
| 2013-02-06 | CVE-2013-0254 | The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. | Qt | N/A | | |
| 2014-05-08 | CVE-2014-0190 | The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. | Ubuntu_linux, Fedora, Opensuse, Qt | N/A | | |
| 2018-12-26 | CVE-2018-19869 | An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. | Leap, Qt | 6.5 | | |
| 2020-02-28 | CVE-2018-21035 | In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | Qt | N/A | | |
| 2017-12-16 | CVE-2017-10905 | A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. | Qt | 5.3 | | |
| 2017-10-04 | CVE-2017-15011 | The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. | Qt | 7.5 | | |
| 2018-12-26 | CVE-2018-19873 | An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. | Debian_linux, Leap, Qt | 9.8 | | |
| 2018-12-26 | CVE-2018-19870 | An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | Debian_linux, Leap, Qt | 8.8 | | |
| 2018-12-26 | CVE-2018-15518 | QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | Debian_linux, Leap, Qt | 8.8 | | |