Search CVE reports


Toggle filters

1 – 10 of 355 results


CVE-2023-43114

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then...

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Needs evaluation Needs evaluation
qt6-base Needs evaluation Needs evaluation Not in release Ignored Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
Show less packages

CVE-2023-37369

Medium priority
Needs evaluation

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Needs evaluation Needs evaluation
qt6-base Needs evaluation Needs evaluation Not in release Ignored Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
Show less packages

CVE-2021-28025

Medium priority
Needs evaluation

Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).

3 affected packages

qt4-x11, qt6-svg, qtsvg-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Needs evaluation Needs evaluation
qt6-svg Needs evaluation Needs evaluation Not in release Ignored Ignored
qtsvg-opensource-src Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-34410

Medium priority
Needs evaluation

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

4 affected packages

qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Needs evaluation Needs evaluation
qt6-base Needs evaluation Needs evaluation Not in release Ignored Ignored
qtbase-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtbase-opensource-src-gles Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
Show less packages

CVE-2021-3481

Low priority

Some fixes available 1 of 15

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file...

2 affected packages

qt4-x11, qtsvg-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Needs evaluation Needs evaluation
qtsvg-opensource-src Needs evaluation Needs evaluation Needs evaluation Fixed Needs evaluation
Show less packages

CVE-2020-17507

Low priority

Some fixes available 1 of 6

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

2 affected packages

qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not in release Not in release Vulnerable Vulnerable
qtbase-opensource-src Not affected Not affected Vulnerable Fixed Vulnerable
Show less packages

CVE-2020-12267

Medium priority
Not affected

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

2 affected packages

qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt4-x11 Not in release Not affected Not affected
qtbase-opensource-src Not affected Not affected Not affected
Show less packages

CVE-2015-9541

Low priority
Vulnerable

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

5 affected packages

phantomjs, pyside, pyside2, qt4-x11, qtbase-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
phantomjs Not in release Not in release Vulnerable Vulnerable Vulnerable
pyside Not in release Not in release Not in release Vulnerable Vulnerable
pyside2 Vulnerable Vulnerable Vulnerable Not in release Needs evaluation
qt4-x11 Not in release Not in release Not in release Vulnerable Vulnerable
qtbase-opensource-src Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2019-17546

Medium priority

Some fixes available 5 of 56

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...

17 affected packages

blender, chromium-browser, gdal, insighttoolkit4, ivtools...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Not affected Not affected Not affected Not affected Not affected
chromium-browser Not affected Not affected Not affected Not affected Not affected
gdal Not affected Not affected Not affected Not affected Vulnerable
insighttoolkit4 Not in release Not affected Not affected Not affected Not affected
ivtools Not affected Not affected Not affected Not affected Not affected
libtk-img Not affected Not affected Not affected Not affected Not affected
neuron Not affected Needs evaluation Needs evaluation Needs evaluation Not in release
openjpeg2 Not affected Not affected Not affected Not affected Not affected
paraview Not affected Not affected Not affected Not affected Not affected
povray Not affected Not affected Not affected Not affected Not affected
qt4-x11 Not in release Not in release Not in release Not affected Not affected
qtimageformats-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
sfftobmp Not affected Not affected Not affected Not affected Not affected
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not affected
tiff Not affected Not affected Not affected Fixed Fixed
xloadimage Not affected Not affected Not affected Not affected Not affected
Show all 17 packages Show less packages

CVE-2019-7663

Medium priority

Some fixes available 4 of 52

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this...

9 affected packages

chromium, gdal, openjpeg2, qt4-x11, qtimageformats-opensource-src...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium Not in release Not in release Not in release Not in release Not in release
gdal Not affected Not affected Not affected Not affected Vulnerable
openjpeg2 Not affected Not affected Not affected Not affected Not affected
qt4-x11 Not in release Not in release Not in release Not affected Not affected
qtimageformats-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tiff Not affected Not affected Not affected Fixed Fixed
tiff3 Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages