Search CVE reports
21 – 30 of 355 results
CVE-2014-0190
Low prioritySome fixes available 3 of 7
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
2 affected packages
qt4-x11, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | — | — | — | — | — |
qtbase-opensource-src | — | — | — | — | — |
CVE-2013-4549
Medium prioritySome fixes available 29 of 39
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
3 affected packages
phantomjs, qt4-x11, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phantomjs | — | — | — | Not affected | Not affected |
qt4-x11 | — | — | — | Fixed | Fixed |
qtbase-opensource-src | — | — | — | Fixed | Fixed |
CVE-2013-0254
Medium prioritySome fixes available 4 of 5
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read...
1 affected package
qt4-x11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | — | — | — | — | — |
CVE-2012-6093
Low prioritySome fixes available 4 of 5
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which...
1 affected package
qt4-x11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | — | — | — | — | — |
CVE-2012-5624
Low prioritySome fixes available 3 of 4
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file:...
1 affected package
qt4-x11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | — | — | — | — | — |
CVE-2012-4929
Medium prioritySome fixes available 21 of 34
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle...
6 affected packages
apache2, chromium-browser, nss, openssl, openssl098, qt4-x11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
chromium-browser | — | — | — | — | — |
nss | — | — | — | — | — |
openssl | — | — | — | — | — |
openssl098 | — | — | — | — | — |
qt4-x11 | — | — | — | — | — |
CVE-2010-5076
Medium prioritySome fixes available 1 of 2
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
1 affected package
qt4-x11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | — | — | — | — | — |
CVE-2011-3194
Low prioritySome fixes available 2 of 4
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF...
1 affected package
qt4-x11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | — | — | — | — | — |
CVE-2011-3193
Low prioritySome fixes available 2 of 4
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute...
1 affected package
qt4-x11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt4-x11 | — | — | — | — | — |
CVE-2011-3890
Low prioritySome fixes available 2 of 28
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling.
5 affected packages
chromium-browser, qt4-x11, qtwebkit-source, webkit, webkitgtk
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | — | — | — | Not affected |
qt4-x11 | — | — | — | — | Not affected |
qtwebkit-source | — | — | — | — | Ignored |
webkit | — | — | — | — | Not in release |
webkitgtk | — | — | — | — | Not affected |