Vulnerabilities related to qt - qt
CVE-2022-25634 (GCVE-0-2022-25634)
Vulnerability from cvelistv5
Published
2022-03-02 14:27
Modified
2024-08-03 04:42
CWE
- n/a
Summary
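Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Note that the two vendor patch files listed in the references are named CVE-2022-25643-6.2.diff and CVE-2022-25643-5.15.diff, with the last two digits transposed relative to this record's ID (CVE-2022-25634); search for the patches under that file name.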
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-02T14:27:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25634", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/396440", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/396689", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "name": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff", "refsource": "CONFIRM", "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" }, { "name": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "name": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff", "refsource": "CONFIRM", "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25634", "datePublished": "2022-03-02T14:27:37", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-9541 (GCVE-0-2015-9541)
Vulnerability from cvelistv5
Published
2020-01-24 21:53
Modified
2024-08-06 08:51
CWE
- n/a
Summary
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:51:05.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "name": "FEDORA-2020-ca02c529f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "name": "FEDORA-2020-3069e44be5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-25T06:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "name": "FEDORA-2020-ca02c529f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "name": "FEDORA-2020-3069e44be5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9541", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugreports.qt.io/browse/QTBUG-47417", "refsource": "MISC", "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "name": "FEDORA-2020-ca02c529f8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "name": "FEDORA-2020-3069e44be5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9541", "datePublished": "2020-01-24T21:53:41", "dateReserved": "2020-01-24T00:00:00", "dateUpdated": "2024-08-06T08:51:05.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3193 (GCVE-0-2011-3193)
Vulnerability from cvelistv5
Published
2012-06-16 00:00
Modified
2024-08-06 23:29
CWE
- n/a
Summary
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:55.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46371" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" }, { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "name": "openSUSE-SU-2011:1119", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "name": "41537", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41537" }, { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46410" }, { "name": "RHSA-2011:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" }, { "name": "RHSA-2011:1325", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html" }, { "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "name": "46128", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46128" }, { 
"name": "RHSA-2011:1324", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49895" }, { "name": "46117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46117" }, { "name": "RHSA-2011:1326", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" }, { "name": "46119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46119" }, { "name": "49723", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49723" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" }, { "name": "RHSA-2011:1323", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" }, { "name": "RHSA-2011:1328", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" }, { "name": "75652", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/75652" }, { "name": "46118", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46118" }, { "name": "pango-harfbuzz-bo(69991)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" }, { "name": "openSUSE-SU-2011:1120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "46371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46371" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" }, { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "name": "openSUSE-SU-2011:1119", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "name": "41537", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41537" }, { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46410" }, { "name": "RHSA-2011:1327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" }, { "name": "RHSA-2011:1325", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html" }, { "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "name": "46128", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46128" }, { "name": "RHSA-2011:1324", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49895" }, { "name": "46117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46117" }, { "name": "RHSA-2011:1326", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" }, { "name": "46119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46119" }, { "name": "49723", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49723" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" }, { "name": "RHSA-2011:1323", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" }, { "name": "RHSA-2011:1328", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" }, { "name": "75652", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/75652" }, { "name": "46118", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46118" }, { "name": 
"pango-harfbuzz-bo(69991)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" }, { "name": "openSUSE-SU-2011:1120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3193", "datePublished": "2012-06-16T00:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:29:55.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-24742 (GCVE-0-2020-24742)
Vulnerability from cvelistv5
Published
2021-08-09 21:18
Modified
2024-08-04 15:19
CWE
- n/a
Summary
An issue has been fixed in Qt version 5.14.0 in which QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:19:09.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-09T21:18:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/280730", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24742", "datePublished": "2021-08-09T21:18:27", "dateReserved": "2020-08-28T00:00:00", "dateUpdated": "2024-08-04T15:19:09.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30348 (GCVE-0-2025-30348)
Vulnerability from cvelistv5
Published
2025-03-21 00:00
Modified
2025-03-21 15:51
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Summary
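encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). The record's affected-version ranges are narrower than "before 6.8.0": versions below 5.15.19, 6.0.0 up to but not including 6.5.9, and 6.6.0 up to but not including 6.8.0. The record rates the impact as availability only (CWE-407, CVSS 3.1 base score 5.8, MEDIUM).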
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30348", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-21T15:51:38.091847Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-21T15:51:56.127Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Qt", "vendor": "Qt", "versions": [ { "lessThan": "5.15.19", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "6.5.9", "status": "affected", "version": "6.0.0", "versionType": "semver" }, { "lessThan": "6.8.0", "status": "affected", "version": "6.6.0", "versionType": "semver" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.5.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.8.0", "versionStartIncluding": "6.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data)." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-407", "description": "CWE-407 Inefficient Algorithmic Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-21T06:54:16.026Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/581442" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-30348", "datePublished": "2025-03-21T00:00:00.000Z", "dateReserved": "2025-03-21T00:00:00.000Z", "dateUpdated": "2025-03-21T15:51:56.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3194 (GCVE-0-2011-3194)
Vulnerability from cvelistv5
Published
2012-06-16 00:00
Modified
2024-08-06 23:29
CWE
- n/a
Summary
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46371" }, { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "46140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46140" }, { "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "name": "GLSA-201206-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" }, { "name": "openSUSE-SU-2011:1119", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46410" }, { "name": "qt-grayscale-bo(69975)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" }, { "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" }, { "name": "46128", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46128" }, { "name": "46187", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46187" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49895" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" }, { "name": "49383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49383" }, { "name": "49724", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49724" }, { "name": "FEDORA-2011-12145", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" }, { "name": "RHSA-2011:1323", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "name": "RHSA-2011:1328", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "name": "75653", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/75653" }, { "name": "openSUSE-SU-2011:1120", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service 
(crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "46371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46371" }, { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "46140", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46140" }, { "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "name": "GLSA-201206-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" }, { "name": "openSUSE-SU-2011:1119", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46410" }, { "name": "qt-grayscale-bo(69975)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" }, { "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" }, { "name": "46128", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46128" }, 
{ "name": "46187", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46187" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49895" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" }, { "name": "49383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49383" }, { "name": "49724", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49724" }, { "name": "FEDORA-2011-12145", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" }, { "name": "RHSA-2011:1323", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "name": "RHSA-2011:1328", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "name": "75653", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/75653" }, { "name": "openSUSE-SU-2011:1120", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3194", "datePublished": "2012-06-16T00:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:29:56.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19872 (GCVE-0-2018-19872)
Vulnerability from cvelistv5
Published
2019-03-15 22:00
Modified
2024-08-05 11:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "FEDORA-2019-03ac7f1d2f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "name": "FEDORA-2019-ae913a2f00", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "name": "FEDORA-2019-b5e690b96e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "name": "openSUSE-SU-2019:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "USN-4275-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4275-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } 
], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "FEDORA-2019-03ac7f1d2f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "name": "FEDORA-2019-ae913a2f00", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "name": "FEDORA-2019-b5e690b96e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "name": "openSUSE-SU-2019:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "USN-4275-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4275-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19872", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugreports.qt.io/browse/QTBUG-69449", "refsource": "CONFIRM", "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "name": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "FEDORA-2019-03ac7f1d2f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "name": "FEDORA-2019-ae913a2f00", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "name": "FEDORA-2019-b5e690b96e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "name": "openSUSE-SU-2019:1239", "refsource": 
"SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "USN-4275-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4275-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19872", "datePublished": "2019-03-15T22:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-21035 (GCVE-0-2018-21035)
Vulnerability from cvelistv5
Published
2020-02-28 19:17
Modified
2024-08-05 12:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-70693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-28T19:17:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugreports.qt.io/browse/QTBUG-70693" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-21035", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" }, { "name": "https://bugreports.qt.io/browse/QTBUG-70693", "refsource": "MISC", "url": "https://bugreports.qt.io/browse/QTBUG-70693" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-21035", "datePublished": "2020-02-28T19:17:43", "dateReserved": "2020-02-28T00:00:00", "dateUpdated": "2024-08-05T12:19:27.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0242 (GCVE-0-2007-0242)
Vulnerability from cvelistv5
Published
2007-04-03 16:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject overlong (non-shortest-form) UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via overlong sequences that decode to dangerous metacharacters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:12:17.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "name": "qt-utf8-xss(33397)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "name": "24699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24699" }, { "name": "RHSA-2007:0909", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "name": "MDKSA-2007:074", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1202" }, { "name": "MDKSA-2007:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "name": "24889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24889" }, { "name": "27275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27275" }, { "name": "24727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24727" }, { "name": "26857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26857" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "name": "SUSE-SR:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "name": "DSA-1292", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1292" }, { "name": "24847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24847" }, { "name": "24705", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24705" }, { "name": "RHSA-2011:1324", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "23269", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23269" }, { "name": "46117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46117" }, { "name": "27108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27108" }, { "name": "24759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24759" }, { "name": "USN-452-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "name": "24726", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24726" }, { "name": "20070901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" 
], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "name": "ADV-2007-1212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1212" }, { "name": "25263", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25263" }, { "name": "26804", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26804" }, { "name": "FEDORA-2007-703", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "name": "oval:org.mitre.oval:def:11510", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" }, { "name": "RHSA-2007:0883", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "name": "SSA:2007-093-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "name": "MDKSA-2007:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "name": "24797", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24797" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-03T00:00:00", "descriptions": [ { "lang": "en", 
"value": "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "name": "qt-utf8-xss(33397)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "name": "24699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24699" }, { "name": "RHSA-2007:0909", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "name": "MDKSA-2007:074", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1202" }, { "name": "MDKSA-2007:076", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "name": "24889", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24889" }, { "name": "27275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27275" }, { "name": "24727", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24727" 
}, { "name": "26857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26857" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "name": "SUSE-SR:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "name": "DSA-1292", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1292" }, { "name": "24847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24847" }, { "name": "24705", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24705" }, { "name": "RHSA-2011:1324", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "23269", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23269" }, { "name": "46117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46117" }, { "name": "27108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27108" }, { "name": "24759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24759" }, { "name": "USN-452-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "name": "24726", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24726" }, { "name": "20070901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "name": "ADV-2007-1212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1212" }, { "name": "25263", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25263" }, { "name": "26804", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26804" }, { "name": "FEDORA-2007-703", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "name": "oval:org.mitre.oval:def:11510", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" }, { "name": "RHSA-2007:0883", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "name": "SSA:2007-093-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "name": "MDKSA-2007:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "name": "24797", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24797" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "name": "qt-utf8-xss(33397)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "name": "24699", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24699" }, { "name": "RHSA-2007:0909", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "name": "MDKSA-2007:074", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "name": "https://issues.rpath.com/browse/RPL-1202", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1202" }, { "name": "MDKSA-2007:076", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "name": "24889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24889" }, { "name": "27275", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27275" }, { "name": "24727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24727" }, { "name": "26857", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26857" }, { "name": 
"http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350", "refsource": "CONFIRM", "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "name": "SUSE-SR:2007:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "name": "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html", "refsource": "CONFIRM", "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "name": "DSA-1292", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1292" }, { "name": "24847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24847" }, { "name": "24705", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24705" }, { "name": "RHSA-2011:1324", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "name": "23269", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23269" }, { "name": "46117", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46117" }, { "name": "27108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27108" }, { "name": "24759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24759" }, { "name": "USN-452-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "name": "24726", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24726" }, { "name": "20070901-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "name": "ADV-2007-1212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1212" }, { "name": "25263", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25263" }, { "name": "26804", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26804" }, { "name": 
"FEDORA-2007-703", "refsource": "FEDORA", "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "name": "oval:org.mitre.oval:def:11510", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" }, { "name": "RHSA-2007:0883", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "name": "SSA:2007-093-03", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "name": "MDKSA-2007:075", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "name": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "name": "24797", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24797" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0242", "datePublished": "2007-04-03T16:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2024-08-07T12:12:17.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-25255 (GCVE-0-2022-25255)
Vulnerability from cvelistv5
Published
2022-02-16 18:48
Modified
2024-08-03 04:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-16T18:48:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "tags": [ "x_refsource_MISC" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/393113", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/394914", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "name": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff", "refsource": "MISC", "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "name": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff", "refsource": "MISC", "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/396020", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25255", "datePublished": "2022-02-16T18:48:35", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-08-03T04:36:06.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-43114 (GCVE-0-2023-43114)
Vulnerability from cvelistv5
Published
2023-09-18 00:00
Modified
2024-09-25 15:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then it can cause the application to crash because of missing length checks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:37:22.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43114", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:48:32.880023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:48:41.465Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-18T06:55:20.210703", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-43114", "datePublished": "2023-09-18T00:00:00", "dateReserved": "2023-09-18T00:00:00", "dateUpdated": "2024-09-25T15:48:41.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0570 (GCVE-0-2020-0570)
Vulnerability from cvelistv5
Published
2020-09-14 18:17
Modified
2024-08-04 06:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Escalation of Privilege
Summary
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | QT Library |
Version: Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:02:52.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "QT Library", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "Escalation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-21T16:50:44", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2020-0570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "QT Library", "version": { "version_data": [ { "version_value": "Fixed in qt 5.14.0, qt 5.12.7, qt 5.9.10" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Escalation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "name": "https://bugreports.qt.io/browse/QTBUG-81272", "refsource": "CONFIRM", "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "name": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html", "refsource": "CONFIRM", "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-0570", "datePublished": "2020-09-14T18:17:32", "dateReserved": "2019-10-28T00:00:00", "dateUpdated": "2024-08-04T06:02:52.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32573 (GCVE-0-2023-32573)
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-27 20:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:18:37.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" }, { "name": "FEDORA-2023-0d4b3316f6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-32573", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T20:49:26.255610Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-369", "description": "CWE-369 Divide By Zero", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-27T20:49:30.496Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, 
QtSvg QSvgFont m_unitsPerEm initialization is mishandled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T00:06:14.525Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" }, { "name": "FEDORA-2023-0d4b3316f6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-32573", "datePublished": "2023-05-10T00:00:00.000Z", "dateReserved": "2023-05-10T00:00:00.000Z", "dateUpdated": "2025-01-27T20:49:30.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0569 (GCVE-0-2020-0569)
Vulnerability from cvelistv5
Published
2020-11-23 00:00
Modified
2024-08-04 06:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
Summary
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) PROSet/Wireless WiFi products on Windows 10 |
Version: before version 21.70 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:02:52.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) PROSet/Wireless WiFi products on Windows 10", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 21.70" } ] } ], "descriptions": [ { "lang": "en", "value": "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-12T16:08:18.142495", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-0569", "datePublished": "2020-11-23T00:00:00", "dateReserved": "2019-10-28T00:00:00", "dateUpdated": "2024-08-04T06:02:52.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38593 (GCVE-0-2021-38593)
Vulnerability from cvelistv5
Published
2021-08-12 00:00
Modified
2024-08-04 01:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862" }, { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566" }, { "tags": [ "x_transferred" ], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml" }, { "tags": [ "x_transferred" ], "url": "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders" }, { "tags": [ "x_transferred" ], "url": "https://wiki.qt.io/Qt_5.15_Release#Known_Issues" }, { "name": "FEDORA-2022-54760f7fa4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/" }, { "name": "FEDORA-2022-4131ced81a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/" }, { "name": "GLSA-202402-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-03T07:06:32.200877", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c" }, { "url": "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd" }, { "url": "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862" }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566" }, { "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml" }, { "url": "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders" }, { "url": "https://wiki.qt.io/Qt_5.15_Release#Known_Issues" }, { "name": "FEDORA-2022-54760f7fa4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/" }, { "name": "FEDORA-2022-4131ced81a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/" }, { "name": "GLSA-202402-03", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-03" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38593", "datePublished": "2021-08-12T00:00:00", "dateReserved": "2021-08-12T00:00:00", "dateUpdated": "2024-08-04T01:44:23.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-34410 (GCVE-0-2023-34410)
Vulnerability from cvelistv5
Published
2023-06-05 00:00
Modified
2025-01-08 16:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:06.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002" }, { "name": "FEDORA-2023-0d4b3316f6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-34410", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-08T16:58:49.630299Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-08T16:58:53.614Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": 
"en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T00:06:20.910150", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560" }, { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002" }, { "name": "FEDORA-2023-0d4b3316f6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-34410", "datePublished": "2023-06-05T00:00:00", "dateReserved": "2023-06-05T00:00:00", "dateUpdated": "2025-01-08T16:58:53.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-17507 (GCVE-0-2020-17507)
Vulnerability from cvelistv5
Published
2020-08-12 17:35
Modified
2024-08-04 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:00:47.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "name": "FEDORA-2020-b8091188d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "name": "FEDORA-2020-8dd86f1b3f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "name": "GLSA-202009-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202009-04" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] 
[DLA 2376-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "openSUSE-SU-2020:1564", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "name": "openSUSE-SU-2020:1568", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T23:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "name": "FEDORA-2020-b8091188d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "name": "FEDORA-2020-8dd86f1b3f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "name": "GLSA-202009-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202009-04" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "tags": [ "mailing-list", 
"x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "openSUSE-SU-2020:1564", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "name": "openSUSE-SU-2020:1568", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-17507", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308436", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308495", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/308496", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "name": "FEDORA-2020-b8091188d0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "name": "FEDORA-2020-8dd86f1b3f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "name": "GLSA-202009-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202009-04" }, { "name": "openSUSE-SU-2020:1452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2376-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", 
"refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "openSUSE-SU-2020:1564", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "name": "openSUSE-SU-2020:1568", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-17507", "datePublished": "2020-08-12T17:35:20", "dateReserved": "2020-08-12T00:00:00", "dateUpdated": "2024-08-04T14:00:47.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-51714 (GCVE-0-2023-51714)
Vulnerability from cvelistv5
Published
2023-12-24 00:00
Modified
2024-08-02 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:18.651501", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864" }, { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-51714", "datePublished": "2023-12-24T00:00:00", "dateReserved": "2023-12-22T00:00:00", "dateUpdated": "2024-08-02T22:40:34.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7298 (GCVE-0-2015-7298)
Vulnerability from cvelistv5
Published
2015-10-26 14:00
Modified
2024-08-06 07:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:43:46.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-26T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7298", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) 
attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016", "refsource": "CONFIRM", "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7298", "datePublished": "2015-10-26T14:00:00", "dateReserved": "2015-09-21T00:00:00", "dateUpdated": "2024-08-06T07:43:46.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32763 (GCVE-0-2023-32763)
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2024-08-02 15:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:25:36.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476125" }, { "tags": [ "x_transferred" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "GLSA-202402-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-03" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:20.172374", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476125" }, { "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "GLSA-202402-03", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-03" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-32763", "datePublished": "2023-05-28T00:00:00", "dateReserved": "2023-05-15T00:00:00", "dateUpdated": "2024-08-02T15:25:36.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32762 (GCVE-0-2023-32762)
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2024-08-19 16:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:25:37.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476140" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305" }, { "tags": [ "x_transferred" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qtbase", "vendor": "qt", "versions": [ { "lessThan": "5.15.14", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qtbase", "vendor": "qt", "versions": [ { "lessThan": "6.2.9", "status": "affected", "version": "6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:qt:qtbase:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qtbase", "vendor": "qt", "versions": [ { "lessThan": "6.5.1", "status": "affected", "version": "6.3.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-32762", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": 
"total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T14:17:39.605223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-19T16:42:12.680Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:23.176268", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476140" }, { "url": "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305" }, { "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-32762", "datePublished": "2023-05-28T00:00:00", "dateReserved": "2023-05-15T00:00:00", "dateUpdated": "2024-08-19T16:42:12.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1858 (GCVE-0-2015-1858)
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/108312/" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "name": "74309", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74309" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ], "title": "CVE Program Container" } ], "cna": { 
"affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/108312/" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "name": "74309", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74309" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1858", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-12267 (GCVE-0-2020-12267)
Vulnerability from cvelistv5
Published
2020-04-27 01:31
Modified
2024-08-04 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:58.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "name": "GLSA-202007-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-38" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-27T02:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "name": "GLSA-202007-38", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-38" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "setMarkdown in Qt before 5.14.2 has a use-after-free related to 
QTextMarkdownImporter::insertBlock." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/291706", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "name": "GLSA-202007-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-38" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12267", "datePublished": "2020-04-27T01:31:42", "dateReserved": "2020-04-27T00:00:00", "dateUpdated": "2024-08-04T11:48:58.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-37369 (GCVE-0-2023-37369)
Vulnerability from cvelistv5
Published
2023-08-20 00:00
Modified
2024-08-02 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-37369", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-05T20:39:00.158917Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T20:39:08.149Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T17:09:34.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-114829" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/455027" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "FEDORA-2023-0e68827d36", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/" }, { "name": "FEDORA-2023-fd45b50121", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x 
before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:17.111232", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugreports.qt.io/browse/QTBUG-114829" }, { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/455027" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "FEDORA-2023-0e68827d36", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/" }, { "name": "FEDORA-2023-fd45b50121", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-37369", "datePublished": "2023-08-20T00:00:00", "dateReserved": "2023-06-30T00:00:00", "dateUpdated": "2024-08-02T17:09:34.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4549 (GCVE-0-2013-4549)
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html" }, { "name": "56166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56166" }, { "name": "openSUSE-SU-2014:0173", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html" }, { "name": "56008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56008" }, { "name": "openSUSE-SU-2014:0125", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#change%2C71010" }, { "name": "openSUSE-SU-2014:0176", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html" }, { "name": "openSUSE-SU-2014:0067", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/" }, { "name": "USN-2057-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2057-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#change%2C71368" }, { "name": "openSUSE-SU-2014:0070", "tags": 
[ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html" }, { "name": "FEDORA-2014-5695", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-08T12:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html" }, { "name": "56166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56166" }, { "name": "openSUSE-SU-2014:0173", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html" }, { "name": "56008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56008" }, { "name": "openSUSE-SU-2014:0125", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#change%2C71010" }, { "name": "openSUSE-SU-2014:0176", "tags": [ "vendor-advisory", 
"x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html" }, { "name": "openSUSE-SU-2014:0067", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/" }, { "name": "USN-2057-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2057-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#change%2C71368" }, { "name": "openSUSE-SU-2014:0070", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html" }, { "name": "FEDORA-2014-5695", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4549", "datePublished": "2013-12-23T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-28025 (GCVE-0-2021-28025)
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-09 17:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:33:17.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-28025", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T17:37:32.242443Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-09T17:37:40.750Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-11T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugreports.qt.io/browse/QTBUG-91507" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28025", "datePublished": "2023-08-11T00:00:00", "dateReserved": "2021-03-05T00:00:00", "dateUpdated": "2024-10-09T17:37:40.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3481 (GCVE-0-2021-3481)
Vulnerability from cvelistv5
Published
2022-08-22 00:00
Modified
2024-08-03 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3481" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "qt", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in qt 5.12.11, qt 5.15.4, qt 6.0.3, qt 6.1.0RC." } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 - Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T00:06:13.050577", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" }, { "url": "https://access.redhat.com/security/cve/CVE-2021-3481" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3481", "datePublished": "2022-08-22T00:00:00", "dateReserved": "2021-04-01T00:00:00", "dateUpdated": "2024-08-03T16:53:17.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5624 (GCVE-0-2012-5624)
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-09-16 18:45
CWE
- n/a
Summary
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:0157", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "name": "USN-1723-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "52217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52217" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#change%2C40034" }, { "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "name": "openSUSE-SU-2013:0154", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "name": "openSUSE-SU-2013:0143", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ 
{ "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-24T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:0157", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "name": "USN-1723-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "52217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52217" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#change%2C40034" }, { "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "name": "openSUSE-SU-2013:0154", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "name": "openSUSE-SU-2013:0143", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5624", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2013:0157", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "name": "USN-1723-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "52217", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52217" }, { "name": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71", "refsource": "CONFIRM", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x \u003c 4.8.4): QML XmlHttpRequest insecure redirection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "name": "https://codereview.qt-project.org/#change,40034", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#change,40034" }, { "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", 
"refsource": "MLIST", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "name": "openSUSE-SU-2013:0154", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "name": "openSUSE-SU-2013:0143", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=883415", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5624", "datePublished": "2013-02-24T19:00:00Z", "dateReserved": "2012-10-24T00:00:00Z", "dateUpdated": "2024-09-16T18:45:23.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19869 (GCVE-0-2018-19869)
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
CWE
- n/a
Summary
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/234142/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1116", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-31T21:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/234142/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1116", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/#/c/234142/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/234142/" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1116", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "openSUSE-SU-2020:1452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2422-1] qtsvg-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2018-19869", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-2621 (GCVE-0-2010-2621)
Vulnerability from cvelistv5
Published
2010-07-02 20:00
Modified
2024-08-07 02:39
CWE
- n/a
Summary
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:39:37.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46410" }, { "name": "ADV-2010-1657", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.org/poc/qtsslame.zip" }, { "name": "41250", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41250" }, { "name": "65860", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/65860" }, { "name": "40389", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40389" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.org/adv/qtsslame-adv.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "46410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46410" }, { "name": "ADV-2010-1657", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.org/poc/qtsslame.zip" }, { "name": "41250", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41250" }, { "name": "65860", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/65860" }, { "name": "40389", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40389" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "name": "SUSE-SU-2011:1113", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.org/adv/qtsslame-adv.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2621", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46410", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46410" }, { "name": "ADV-2010-1657", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "name": "http://aluigi.org/poc/qtsslame.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/qtsslame.zip" }, { "name": "41250", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41250" }, { "name": "65860", "refsource": "OSVDB", "url": "http://osvdb.org/65860" }, { "name": "40389", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40389" }, { "name": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597", "refsource": "CONFIRM", "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "name": "SUSE-SU-2011:1113", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/12056605" }, { "name": "http://aluigi.org/adv/qtsslame-adv.txt", "refsource": "MISC", "url": "http://aluigi.org/adv/qtsslame-adv.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2621", "datePublished": "2010-07-02T20:00:00", "dateReserved": "2010-07-02T00:00:00", "dateUpdated": "2024-08-07T02:39:37.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39936 (GCVE-0-2024-39936)
Vulnerability from cvelistv5
Published
2024-07-04 00:00
Modified
2025-03-19 20:03
CWE
- n/a
Summary
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39936", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-22T16:46:00.935832Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-19T20:03:04.838Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-04T20:55:33.298Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-39936", "datePublished": "2024-07-04T00:00:00.000Z", "dateReserved": "2024-07-04T00:00:00.000Z", "dateUpdated": "2025-03-19T20:03:04.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43591 (GCVE-0-2022-43591)
Vulnerability from cvelistv5
Published
2023-01-12 16:44
Modified
2025-04-07 15:00
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version
---|---|---
Qt Project | Qt | 6.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:59.732Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650" }, { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650", "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43591", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:00:26.751239Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:00:48.601Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Qt", "vendor": "Qt Project", "versions": [ { "status": "affected", "version": "6.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-12T16:44:10.325Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-43591", "datePublished": "2023-01-12T16:44:10.325Z", "dateReserved": "2022-10-21T18:22:32.243Z", "dateUpdated": "2025-04-07T15:00:48.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0190 (GCVE-0-2014-0190)
Vulnerability from cvelistv5
Published
2014-05-08 14:00
Modified
2024-08-06 09:05
CWE
- n/a
Summary
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.kde.org/show_bug.cgi?id=333404" }, { "name": "openSUSE-SU-2015:0573", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "name": "FEDORA-2014-6922", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20140424 Qt Security Advisory: DoS vulnerability in the GIF image handler", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html" }, { "name": "FEDORA-2014-6896", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html" }, { "name": "FEDORA-2014-5695", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "name": "67087", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67087" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.kde.org/show_bug.cgi?id=333404" }, { "name": "openSUSE-SU-2015:0573", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "name": "FEDORA-2014-6922", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20140424 Qt Security Advisory: DoS vulnerability in the GIF image handler", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html" }, { "name": "FEDORA-2014-6896", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html" }, { "name": "FEDORA-2014-5695", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "name": "67087", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67087" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0190", "datePublished": "2014-05-08T14:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-25580 (GCVE-0-2024-25580)
Vulnerability from cvelistv5
Published
2024-03-27 00:00
Modified
2024-10-29 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
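- n/a (as supplied by the CNA; the CISA-ADP container in the record below assigns CWE-120, Buffer Copy without Checking Size of Input)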
Summary
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:44:09.782Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-25580", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-02T18:41:43.696201Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T19:58:39.604Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T01:54:47.373388", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-25580", "datePublished": "2024-03-27T00:00:00", "dateReserved": "2024-02-08T00:00:00", "dateUpdated": "2024-10-29T19:58:39.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-24607 (GCVE-0-2023-24607)
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2024-08-02 11:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-24607", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T15:11:26.446866Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:21:28.108Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qt.io/blog/tag/security" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238" }, { "tags": [ "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d" }, { "tags": [ "x_transferred" ], "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. 
The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:15.456739", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.qt.io/blog/tag/security" }, { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216" }, { "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217" }, { "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238" }, { "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff" }, { "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d" }, { "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-24607", "datePublished": "2023-04-15T00:00:00", "dateReserved": "2023-01-29T00:00:00", "dateUpdated": "2024-08-02T11:03:18.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4811 (GCVE-0-2006-4811)
Vulnerability from cvelistv5
Published
2006-10-18 17:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1017084", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017084" }, { "name": "RHSA-2006:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0725.html" }, { "name": "22738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22738" }, { "name": "22485", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22485" }, { "name": "22586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22586" }, { "name": "oval:org.mitre.oval:def:10218", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218" }, { "name": "22579", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22579" }, { "name": "22520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22520" }, { "name": "22479", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22479" }, { "name": "MDKSA-2006:186", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733" }, { "name": "22380", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/22380" }, { "name": "USN-368-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-368-1" }, { "name": "20061002-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P" }, { "name": "MDKSA-2006:187", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187" }, { "name": "22645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22645" }, { "name": "20599", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20599" }, { "name": "20061101-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742" }, { "name": "GLSA-200703-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200703-06.xml" }, { "name": "24347", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24347" }, { "name": "22890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22890" }, { "name": "22397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22397" }, { "name": "RHSA-2006:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0720.html" }, { "name": "22929", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/22929" }, { "name": "GLSA-200611-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200611-02.xml" }, { "name": "DSA-1200", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.us.debian.org/security/2006/dsa-1200" }, { "name": "ADV-2006-4099", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4099" }, { "name": "SSA:2006-298-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.483634" }, { "name": "SUSE-SA:2006:063", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html" }, { "name": "22492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22492" }, { "name": "22589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22589" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-723" }, { "name": "20061018 rPSA-2006-0195-1 kdelibs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449173/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 
crafted pixmap image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1017084", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017084" }, { "name": "RHSA-2006:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0725.html" }, { "name": "22738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22738" }, { "name": "22485", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22485" }, { "name": "22586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22586" }, { "name": "oval:org.mitre.oval:def:10218", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218" }, { "name": "22579", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22579" }, { "name": "22520", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22520" }, { "name": "22479", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22479" }, { "name": "MDKSA-2006:186", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733" }, { "name": "22380", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22380" }, { "name": "USN-368-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-368-1" }, { "name": "20061002-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P" }, { "name": "MDKSA-2006:187", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187" }, { "name": "22645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22645" }, { "name": "20599", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20599" }, { "name": "20061101-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742" }, { "name": "GLSA-200703-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200703-06.xml" }, { "name": "24347", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24347" }, { "name": "22890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22890" }, { "name": "22397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22397" }, { "name": "RHSA-2006:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0720.html" }, { "name": "22929", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22929" }, { "name": "GLSA-200611-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200611-02.xml" }, { "name": "DSA-1200", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.us.debian.org/security/2006/dsa-1200" }, { "name": "ADV-2006-4099", 
"tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4099" }, { "name": "SSA:2006-298-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.483634" }, { "name": "SUSE-SA:2006:063", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html" }, { "name": "22492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22492" }, { "name": "22589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22589" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-723" }, { "name": "20061018 rPSA-2006-0195-1 kdelibs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449173/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-4811", "datePublished": "2006-10-18T17:00:00", "dateReserved": "2006-09-15T00:00:00", "dateUpdated": "2024-08-07T19:23:41.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-30161 (GCVE-0-2024-30161)
Vulnerability from cvelistv5
Published
2024-03-24 00:00
Modified
2025-03-14 00:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
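- n/a (as supplied by the CNA; the CISA-ADP container in the record below assigns CWE-416, Use After Free)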
Summary
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-30161", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-01T19:34:23.955790Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-14T00:58:52.209Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:25:02.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/544314" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). 
(Earlier and later versions are unaffected.)" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-11T13:55:54.858Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/544314" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-30161", "datePublished": "2024-03-24T00:00:00.000Z", "dateReserved": "2024-03-24T00:00:00.000Z", "dateUpdated": "2025-03-14T00:58:52.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1290 (GCVE-0-2015-1290)
Vulnerability from cvelistv5
Published
2018-01-09 16:00
Modified
2024-08-06 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:40:18.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "name": "openSUSE-SU-2015:2368", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.chromium.org/1233453004" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T15:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "name": "openSUSE-SU-2015:2368", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.chromium.org/1233453004" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2015-1290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1", "refsource": "CONFIRM", "url": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374", "refsource": "CONFIRM", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "name": "openSUSE-SU-2015:2368", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "name": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80", "refsource": "MISC", "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "name": "https://codereview.chromium.org/1233453004", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/1233453004" }, { "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-1290", "datePublished": "2018-01-09T16:00:00", "dateReserved": "2015-01-21T00:00:00", "dateUpdated": "2024-08-06T04:40:18.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-5076 (GCVE-0-2010-5076)
Vulnerability from cvelistv5
Published
2012-06-29 19:00
Modified
2024-08-07 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:09:38.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49895" }, { "name": "RHSA-2012:0880", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" }, { "name": "41236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" }, { "name": "49604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49604" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-07-14T00:00:00", "descriptions": [ { "lang": "en", "value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject\u0027s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-16T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1504-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "name": "49895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49895" }, { "name": "RHSA-2012:0880", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" }, { "name": "41236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" }, { "name": "49604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49604" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-5076", "datePublished": "2012-06-29T19:00:00", "dateReserved": "2011-12-19T00:00:00", "dateUpdated": "2024-08-07T04:09:38.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-10904 (GCVE-0-2017-10904)
Vulnerability from cvelistv5
Published
2017-12-15 14:00
Modified
2024-08-05 17:50
CWE
- OS Command Injection
Summary
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version
---|---|---
The Qt Company | Qt for Android | prior to 5.9.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:50:12.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#67389262", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN67389262/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Qt for Android", "vendor": "The Qt Company", "versions": [ { "status": "affected", "version": "prior to 5.9.0" } ] } ], "datePublic": "2017-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "OS Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-15T13:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#67389262", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "https://jvn.jp/en/jp/JVN67389262/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-10904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Qt for Android", "version": { "version_data": [ { "version_value": "prior to 5.9.0" } ] } } ] }, "vendor_name": "The Qt Company" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OS Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#67389262", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN67389262/index.html" }, { "name": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-10904", "datePublished": "2017-12-15T14:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2024-08-05T17:50:12.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2700 (GCVE-0-2009-2700)
Vulnerability from cvelistv5
Published
2009-09-02 17:00
Modified
2024-08-07 05:59
CWE
- n/a
Summary
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:56.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36702", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36702" }, { "name": "36203", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36203" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "name": "MDVSA-2009:225", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "name": "USN-829-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "name": "ADV-2009-2499", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2499" }, { "name": "36536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36536" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-24T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "36702", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36702" }, { "name": "36203", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36203" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "name": "MDVSA-2009:225", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "name": "USN-829-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "name": "ADV-2009-2499", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2499" }, { "name": "36536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36536" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "36702", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36702" }, { "name": "36203", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36203" }, { "name": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6", "refsource": "CONFIRM", "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "name": "MDVSA-2009:225", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "name": "USN-829-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "name": "ADV-2009-2499", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2499" }, { "name": "36536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36536" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2700", "datePublished": "2009-09-02T17:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-10905 (GCVE-0-2017-10905)
Vulnerability from cvelistv5
Published
2017-12-15 14:00
Modified
2024-08-05 17:50
CWE
- External Control of Critical State Data
Summary
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
References
Impacted products
Vendor | Product | Version
---|---|---
The Qt Company | Qt for Android | prior to 5.9.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:50:12.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#27342829", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN27342829/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Qt for Android", "vendor": "The Qt Company", "versions": [ { "status": "affected", "version": "prior to 5.9.3" } ] } ], "datePublic": "2017-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "External Control of Critical State Data", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-15T13:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#27342829", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "https://jvn.jp/en/jp/JVN27342829/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-10905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Qt for Android", "version": { "version_data": [ { "version_value": "prior to 5.9.3" } ] } } ] }, "vendor_name": "The Qt Company" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in applications created using Qt for Android prior to 
5.9.3 allows attackers to alter environment variables via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "External Control of Critical State Data" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#27342829", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN27342829/index.html" }, { "name": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-10905", "datePublished": "2017-12-15T14:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2024-08-05T17:50:12.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-15518 (GCVE-0-2018-15518)
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 09:54
CWE
- n/a
Summary
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:54:03.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "openSUSE-SU-2018:4261", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": 
"openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "openSUSE-SU-2018:4261", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4374", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "https://codereview.qt-project.org/#/c/236691/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "openSUSE-SU-2018:4261", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "MISC", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "https://codereview.qt-project.org/#/c/236691/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/236691/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "refsource": 
"SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15518", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-08-18T00:00:00", "dateUpdated": "2024-08-05T09:54:03.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36048 (GCVE-0-2024-36048)
Vulnerability from cvelistv5
Published
2024-05-18 00:00
Modified
2024-08-08 14:36
CWE
- n/a
Summary
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317" }, { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368" }, { "name": "FEDORA-2024-3936682805", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/" }, { "name": "FEDORA-2024-bfb8617ba3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/" }, { "name": "FEDORA-2024-2e27372d4c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:qt:qt_network_authorization:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qt_network_authorization", "vendor": "qt", "versions": [ { "lessThan": "5.15.17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:qt:qt_network_authorization:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qt_network_authorization", "vendor": "qt", "versions": [ { "lessThan": "6.2.13", "status": "affected", "version": "6x", "versionType": "custom" }, { "lessThanOrEqual": "6.5x", "status": "affected", "version": "6.3x", "versionType": "custom" }, { "lessThan": "6.5.6", "status": "affected", "version": "6.3x", "versionType": "custom" }, { "lessThanOrEqual": "6.7x", "status": "affected", "version": "6.6x", "versionType": "custom" }, { "lessThan": "6.71", "status": "affected", "version": "6.6x", 
"versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36048", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-18T20:06:27.595947Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-335", "description": "CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-08T14:36:16.452Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:13:18.717568", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317" }, { "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368" }, { "name": "FEDORA-2024-3936682805", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/" }, { "name": "FEDORA-2024-bfb8617ba3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/" }, { "name": "FEDORA-2024-2e27372d4c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-36048", "datePublished": "2024-05-18T00:00:00", "dateReserved": "2024-05-18T00:00:00", "dateUpdated": "2024-08-08T14:36:16.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1859 (GCVE-0-2015-1859)
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
CWE
- n/a
Summary
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "74307", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74307" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "74310", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74310" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ], "title": "CVE Program 
Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "74307", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74307" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "74310", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74310" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security 
Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1859", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0254 (GCVE-0-2013-0254)
Vulnerability from cvelistv5
Published
2013-02-06 11:00
Modified
2024-08-06 14:18
CWE
- n/a
Summary
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:18:09.656Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:0404", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "name": "RHSA-2013:0669", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "name": "openSUSE-SU-2013:0403", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "name": "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "name": "openSUSE-SU-2013:0411", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-23T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:0404", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "name": "RHSA-2013:0669", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "name": "openSUSE-SU-2013:0403", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "name": "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "name": "openSUSE-SU-2013:0411", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0254", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical 
program data, as demonstrated by reading a pixmap being sent to an X server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2013:0404", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "name": "RHSA-2013:0669", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "name": "openSUSE-SU-2013:0403", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "name": "[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable", "refsource": "MLIST", "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "name": "openSUSE-SU-2013:0411", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=907425", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0254", "datePublished": "2013-02-06T11:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19865 (GCVE-0-2018-19865)
Vulnerability from cvelistv5
Published
2018-12-05 11:00
Modified
2024-08-05 11:44
CWE
- n/a
Summary
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245283/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/243666/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245638/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/244569/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245312/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/246630/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245293/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/244687/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/245640/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/244845/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1263", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "name": "openSUSE-SU-2019:1259", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-05T00:00:00", 
"descriptions": [ { "lang": "en", "value": "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-23T21:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245283/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/243666/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245638/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/244569/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245312/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/246630/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245293/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/244687/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/245640/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/#/c/244845/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1263", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "name": "openSUSE-SU-2019:1259", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/#/c/245283/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245283/" }, { "name": "https://codereview.qt-project.org/#/c/243666/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/243666/" }, { "name": "https://codereview.qt-project.org/#/c/245638/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245638/" }, { "name": "https://codereview.qt-project.org/#/c/244569/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/244569/" }, { "name": "https://codereview.qt-project.org/#/c/245312/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245312/" }, { "name": "https://codereview.qt-project.org/#/c/246630/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/246630/" }, { "name": "https://codereview.qt-project.org/#/c/245293/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245293/" }, { "name": "https://codereview.qt-project.org/#/c/244687/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/244687/" }, { "name": "https://codereview.qt-project.org/#/c/245640/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/245640/" }, { "name": "https://codereview.qt-project.org/#/c/244845/", "refsource": "MISC", "url": "https://codereview.qt-project.org/#/c/244845/" }, { "name": 
"http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "MISC", "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1263", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "name": "openSUSE-SU-2019:1259", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19865", "datePublished": "2018-12-05T11:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38197 (GCVE-0-2023-38197)
Vulnerability from cvelistv5
Published
2023-07-13 00:00
Modified
2024-08-02 17:30
CWE
- n/a
Summary
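An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. Note: the CNA container in the record below gives no CWE or structured version data (n/a); the CISA ADP container classifies the issue as CWE-835 and scores it CVSS 3.1 7.5 (HIGH, availability impact only). That container's bound for the 5.x line is "lessThan 5.15.5", which does not match the "before 5.15.15" stated here, so confirm the fixed version against the referenced Qt change before relying on either value for patch decisions.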
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qt", "vendor": "qt", "versions": [ { "lessThan": "5.15.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:qt:qt:6.3.0:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qt", "vendor": "qt", "versions": [ { "lessThan": "6.5.3", "status": "affected", "version": "6.3.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "38" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "37" } ] }, { "cpes": [ "cpe:2.3:a:qt:qt:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qt", "vendor": "qt", "versions": [ { "lessThan": "6.2.10", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-38197", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T16:48:43.530719Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": 
"2024-07-18T16:48:48.121Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" }, { "name": "FEDORA-2023-364ae10761", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/" }, { "name": "FEDORA-2023-5ead27b6d2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/" }, { "name": "FEDORA-2023-ff372f9829", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:13.722212", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" }, { "name": "FEDORA-2023-364ae10761", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/" }, { "name": "FEDORA-2023-5ead27b6d2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/" }, { "name": "FEDORA-2023-ff372f9829", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/" }, { "name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38197", "datePublished": "2023-07-13T00:00:00", "dateReserved": "2023-07-13T00:00:00", "dateUpdated": "2024-08-02T17:30:14.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19873 (GCVE-0-2018-19873)
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
CWE
- n/a
Summary
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.667Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "openSUSE-SU-2018:4261", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/238749/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE", 
"x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "openSUSE-SU-2018:4261", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/238749/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": 
"openSUSE-SU-2020:1501", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19873", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4374", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "openSUSE-SU-2018:4261", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "name": "https://codereview.qt-project.org/#/c/238749/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/238749/" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "openSUSE-SU-2020:1452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "name": "openSUSE-SU-2020:1500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "name": "openSUSE-SU-2020:1501", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "name": "openSUSE-SU-2020:1530", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19873", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-13962 (GCVE-0-2020-13962)
Vulnerability from cvelistv5
Published
2020-06-08 23:14
Modified
2024-08-04 12:32
CWE
- n/a
Summary
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "name": "GLSA-202007-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-18" }, { "name": "openSUSE-SU-2020:1319", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { "name": "FEDORA-2020-f869e01557", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "name": "FEDORA-2020-ca26a3f832", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "name": "FEDORA-2020-8372f6bae4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL\u0027s error queue, which can cause a denial of service to QSslSocket users. 
Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-05T18:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "name": "GLSA-202007-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-18" }, { "name": "openSUSE-SU-2020:1319", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { "name": "FEDORA-2020-f869e01557", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "name": "FEDORA-2020-ca26a3f832", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "name": "FEDORA-2020-8372f6bae4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13962", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] 
}, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL\u0027s error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/mumble-voip/mumble/pull/4032", "refsource": "MISC", "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "name": "https://bugreports.qt.io/browse/QTBUG-83450", "refsource": "MISC", "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "name": "https://github.com/mumble-voip/mumble/issues/3679", "refsource": "MISC", "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "name": "GLSA-202007-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-18" }, { "name": "openSUSE-SU-2020:1319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { "name": "FEDORA-2020-f869e01557", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "name": "FEDORA-2020-ca26a3f832", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "name": "FEDORA-2020-8372f6bae4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13962", "datePublished": "2020-06-08T23:14:10", "dateReserved": "2020-06-08T00:00:00", "dateUpdated": "2024-08-04T12:32:14.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6093 (GCVE-0-2012-6093)
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of OpenSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:28.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:0204", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#change%2C42461" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582" }, { "name": "USN-1723-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "openSUSE-SU-2013:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html" }, { "name": "52217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52217" }, { "name": "openSUSE-SU-2013:0211", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29" }, { "name": "[Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29" }, { "name": "[oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails", "tags": [ 
"mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-24T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:0204", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#change%2C42461" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582" }, { "name": "USN-1723-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "name": "openSUSE-SU-2013:0256", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html" }, { "name": "52217", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52217" }, { "name": "openSUSE-SU-2013:0211", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29" }, { "name": "[Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29" }, { "name": "[oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6093", "datePublished": "2013-02-24T19:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-08-06T21:21:28.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4422 (GCVE-0-2013-4422)
Vulnerability from cvelistv5
Published
2013-10-23 15:00
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:13.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://quassel-irc.org/node/120" }, { "name": "55194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55194" }, { "name": "55581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55581" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.quassel-irc.org/issues/1244" }, { "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/74" }, { "name": "quasselirc-backslash-sql-injection(87805)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805" }, { "name": "GLSA-201311-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml" }, { "name": "62923", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/62923" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://quassel-irc.org/node/120" }, { "name": "55194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55194" }, { "name": "55581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55581" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.quassel-irc.org/issues/1244" }, { "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q4/74" }, { "name": "quasselirc-backslash-sql-injection(87805)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805" }, { "name": "GLSA-201311-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml" }, { "name": "62923", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/62923" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4422", "datePublished": "2013-10-23T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:13.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1860 (GCVE-0-2015-1860)
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "FEDORA-2015-6573", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "name": "FEDORA-2015-6613", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" }, { "name": "74302", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74302" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "FEDORA-2015-6661", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project 
Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/108248/" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2015-6114", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "name": "FEDORA-2015-6573", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" }, { "name": "FEDORA-2015-6123", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "name": "GLSA-201603-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-10" }, { "name": "FEDORA-2015-6315", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "name": "FEDORA-2015-6613", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" }, { "name": "74302", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74302" }, { "name": "FEDORA-2015-6364", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "name": "FEDORA-2015-6661", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" }, { "name": "USN-2626-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": [ 
"mailing-list", "x_refsource_MLIST" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/108248/" }, { "name": "FEDORA-2015-6252", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1860", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15011 (GCVE-0-2017-15011)
Vulnerability from cvelistv5
Published
2017-10-03 20:00
Modified
2024-09-16 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:42:22.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-03T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15011", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service 
(application crash) via an unspecified string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf", "refsource": "MISC", "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "name": "https://www.youtube.com/watch?v=m6zISgWPGGY", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15011", "datePublished": "2017-10-03T20:00:00Z", "dateReserved": "2017-10-03T00:00:00Z", "dateUpdated": "2024-09-16T17:22:41.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19871 (GCVE-0-2018-19871)
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/237761/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1115", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/237761/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1115", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19871", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/#/c/237761/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/237761/" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1115", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19871", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-33285 (GCVE-0-2023-33285)
Vulnerability from cvelistv5
Published
2023-05-22 00:00
Modified
2025-01-21 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477644" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-33285", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-21T15:17:38.437872Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-21T15:17:54.872Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T00:06:21.626146", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477644" }, { "name": "[debian-lts-announce] 20240430 [SECURITY] [DLA 3805-1] qtbase-opensource-src security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-33285", "datePublished": "2023-05-22T00:00:00", "dateReserved": "2023-05-22T00:00:00", "dateUpdated": "2025-01-21T15:17:54.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19870 (GCVE-0-2018-19870)
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.qt-project.org/#/c/235998/" }, { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "title": "CVE Program Container" } ], 
"cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-04T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-28T08:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.qt-project.org/#/c/235998/" }, { "name": "DSA-4374", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1239", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, 
{ "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/#/c/235998/", "refsource": "CONFIRM", "url": "https://codereview.qt-project.org/#/c/235998/" }, { "name": "DSA-4374", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4374" }, { "name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/", "refsource": "CONFIRM", "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "name": "openSUSE-SU-2019:1239", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1786-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "name": "USN-4003-1", 
"refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4003-1/" }, { "name": "RHSA-2019:2135", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "name": "RHSA-2019:3390", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2377-1] qt4-x11 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19870", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40983 (GCVE-0-2022-40983)
Vulnerability from cvelistv5
Published
2023-01-12 16:44
Modified
2025-03-05 19:35
Severity
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version
---|---|---
Qt Project | Qt | 6.3.2.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:42.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617" }, { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617", "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40983", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-05T18:42:28.940594Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-05T19:35:47.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Qt", "vendor": "Qt Project", "versions": [ { "status": "affected", "version": "6.3.2." } ] } ], "descriptions": [ { "lang": "en", "value": "An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-12T16:44:11.041Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-40983", "datePublished": "2023-01-12T16:44:11.041Z", "dateReserved": "2022-09-20T20:20:21.535Z", "dateUpdated": "2025-03-05T19:35:47.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2014-0190)
Published
2014-05-08 14:29
Modified
2025-04-12 10:46
Severity
4.3 (Medium) - CVSS 2.0: AV:N/AC:M/Au:N/C:N/I:N/A:P
Summary
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html | Third Party Advisory | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html | Third Party Advisory | |
secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2014-April/000045.html | Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/67087 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2626-1 | Third Party Advisory | |
secalert@redhat.com | https://bugs.kde.org/show_bug.cgi?id=333404 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2014-April/000045.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67087 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2626-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.kde.org/show_bug.cgi?id=333404 | Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * (before 5.3.0) | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
opensuse | opensuse | 13.1 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 | |
canonical | ubuntu_linux | 15.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE4A22C2-3E1F-41D4-9E72-7F3888DBFFCB", "versionEndExcluding": "5.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image." 
}, { "lang": "es", "value": "El decodificador GIF en QtGui en Qt anterior a 5.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo) a trav\u00e9s de valores de ancho y alto inv\u00e1lidos en un imagen GIF." } ], "id": "CVE-2014-0190", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-08T14:29:13.953", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/67087" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { 
"source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.kde.org/show_bug.cgi?id=333404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2014-April/000045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/67087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.kde.org/show_bug.cgi?id=333404" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-34410)
Published
2023-06-05 03:15
Modified
2025-03-20 21:30
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/477560 | Patch | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/480002 | Patch | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/ | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/477560 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/480002 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/ | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 38 | |
qt | qt | * (from 5.13.0, before 5.15.15) | |
qt | qt | * (from 6.0.0, before 6.2.9) | |
qt | qt | * (from 6.3.0, before 6.5.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EBA5D51-F496-4C61-87A5-04C32F8F2AF6", "versionEndExcluding": "5.15.15", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "226FFAAF-14BA-4B15-A7DC-40E7CE23947B", "versionEndExcluding": "6.5.2", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate." 
} ], "id": "CVE-2023-34410", "lastModified": "2025-03-20T21:30:54.050", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-06-05T03:15:09.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/480002" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://codereview.qt-project.org/c/qt/qtbase/+/480002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd (CVE-2018-19871)
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2135 | ||
cve@mitre.org | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/237761/ | Issue Tracking, Patch, Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2135 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/237761/ | Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "09F12149-EFFA-4F50-948E-DBDEE0486972", "versionEndExcluding": "5.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption." }, { "lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile." } ], "id": "CVE-2018-19871", "lastModified": "2024-11-21T03:58:43.537", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-26T21:29:02.447", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/237761/" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/237761/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-3194)
Published
2012-06-16 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html | ||
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1323.html | ||
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1328.html | ||
secalert@redhat.com | http://secunia.com/advisories/46128 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46140 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46187 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46371 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46410 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/49383 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/49895 | Vendor Advisory | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201206-02.xml | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/08/22/6 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/08/24/8 | ||
secalert@redhat.com | http://www.osvdb.org/75653 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/49724 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1504-1 | ||
secalert@redhat.com | https://bugzilla.novell.com/show_bug.cgi?id=637275 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/69975 | ||
secalert@redhat.com | https://hermes.opensuse.org/messages/12056605 | ||
secalert@redhat.com | https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1323.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1328.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46128 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46140 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46187 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46371 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46410 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49383 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49895 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-02.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/08/22/6 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/08/24/8 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/75653 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49724 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1504-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=637275 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/69975 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/12056605 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel." }, { "lang": "es", "value": "Desbordamiento de buffer en el lector de TIFF de gui/image/qtiffhandler.cpp de Qt 4.7.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de la etiqueta TIFFTAG_SAMPLESPERPIXEL de una imagen en escala de grises TIFF con m\u00faltiples muestras por pixel." } ], "id": "CVE-2011-3194", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-16T00:55:04.733", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46128" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46140" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46187" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46371" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49383" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/75653" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49724" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" }, { "source": "secalert@redhat.com", "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "secalert@redhat.com", "url": 
"https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/75653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
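CVE-2007-0242
Vulnerability from fkie_nvd
Published
2007-04-03 16:19
Modified
2025-04-09 00:30
Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), Primary assessment from nvd@nist.gov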
Summary
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long (overlong, i.e. non-shortest-form) UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc | ||
cve@mitre.org | http://fedoranews.org/updates/FEDORA-2007-703.shtml | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2011-1324.html | ||
cve@mitre.org | http://secunia.com/advisories/24699 | ||
cve@mitre.org | http://secunia.com/advisories/24705 | ||
cve@mitre.org | http://secunia.com/advisories/24726 | ||
cve@mitre.org | http://secunia.com/advisories/24727 | ||
cve@mitre.org | http://secunia.com/advisories/24759 | ||
cve@mitre.org | http://secunia.com/advisories/24797 | ||
cve@mitre.org | http://secunia.com/advisories/24847 | ||
cve@mitre.org | http://secunia.com/advisories/24889 | ||
cve@mitre.org | http://secunia.com/advisories/25263 | ||
cve@mitre.org | http://secunia.com/advisories/26804 | ||
cve@mitre.org | http://secunia.com/advisories/26857 | ||
cve@mitre.org | http://secunia.com/advisories/27108 | ||
cve@mitre.org | http://secunia.com/advisories/27275 | ||
cve@mitre.org | http://secunia.com/advisories/46117 | ||
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591 | ||
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm | ||
cve@mitre.org | http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html | ||
cve@mitre.org | http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1292 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:074 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:075 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:076 | ||
cve@mitre.org | http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_6_sr.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0883.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0909.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/23269 | ||
cve@mitre.org | http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 | Patch | |
cve@mitre.org | http://www.ubuntu.com/usn/usn-452-1 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1212 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33397 | ||
cve@mitre.org | https://issues.rpath.com/browse/RPL-1202 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://fedoranews.org/updates/FEDORA-2007-703.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1324.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24699 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24726 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24727 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24759 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24797 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24847 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24889 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25263 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26804 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26857 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27108 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27275 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46117 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1292 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:075 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:076 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_6_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0883.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0909.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23269 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-452-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1212 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33397 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1202 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:3.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "D729F4A6-D9EA-44A3-8974-B03A814130BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters." }, { "lang": "es", "value": "El decodificador de UTF-8 en el codecs/qutfcodec.cpp del Qt 3.3.8 y 4.2.3 no rechaza secuencias largas de UTF-8 como lo solicitado por el est\u00e1ndar, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) y de escalado de directorios mediante secuencias largas que decodifican metacaracteres peligrosos." 
} ], "id": "CVE-2007-0242", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-04-03T16:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24699" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24705" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24726" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24727" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24759" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24797" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24847" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24889" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25263" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26804" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26857" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27108" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27275" 
}, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/46117" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1292" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "source": "cve@mitre.org", "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23269" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1212" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "source": "cve@mitre.org", "url": 
"https://issues.rpath.com/browse/RPL-1202" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.348591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-452-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.vupen.com/english/advisories/2007/1212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
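CVE-2024-36048
Vulnerability from fkie_nvd
Published
2024-05-18 21:15
Modified
2025-06-30 15:21
Severity: CRITICAL — CVSS v3.1 base score 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); this is a Secondary assessment from source 134c704f-9b21-4f2e-91b3-4a467353bcc0, and the record below carries no Primary metric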
Summary
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 | Patch | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 | Patch | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ | Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ | Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/ | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B844AA-8325-4FBB-8B65-56C09DEE08A0", "versionEndExcluding": "5.15.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "838DE514-7032-40DC-AF57-1661CB8FAFB5", "versionEndExcluding": "6.2.13", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "10881526-5262-4B7D-AB3D-EFF4A458C57B", "versionEndExcluding": "6.5.6", "versionStartIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "84302790-D8CB-4737-A582-7FFB743E8DEE", "versionEndExcluding": "6.7.1", "versionStartIncluding": "6.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values." }, { "lang": "es", "value": " QAbstractOAuth en Qt Network Authorization en Qt antes de 5.15.17, 6.x antes de 6.2.13, 6.3.x hasta 6.5.x antes de 6.5.6 y 6.6.x hasta 6.7.x antes de 6.7.1 usa solo el tiempo de inicializaci\u00f3n PRNG, lo que puede dar como resultado valores adivinables." 
} ], "id": "CVE-2024-36048", "lastModified": "2025-06-30T15:21:31.767", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-05-18T21:15:47.673", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGB6KUPJFQWUBKXVDPJUMAD6KNJJEWPW/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOOZZZSK5PNRHFGQMUGUHVYWLILFJCRS/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPHAI3DKDCIU6XLNS6PV6GFS2PHH3GZM/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-335" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
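CVE-2017-15011
Vulnerability from fkie_nvd
Published
2017-10-04 01:29
Modified
2025-04-20 01:37
Severity: HIGH — CVSS v3.0 base score 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); MEDIUM — CVSS v2.0 base score 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P); both Primary assessments from nvd@nist.gov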
Summary
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf | Third Party Advisory | |
cve@mitre.org | https://www.youtube.com/watch?v=m6zISgWPGGY | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=m6zISgWPGGY | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | 5.0.0 | |
qt | qt | 5.0.1 | |
qt | qt | 5.1.0 | |
qt | qt | 5.2.0 | |
qt | qt | 5.3.0 | |
qt | qt | 5.4.0 | |
qt | qt | 5.5.0 | |
qt | qt | 5.6.0 | |
qt | qt | 5.7.0 | |
qt | qt | 5.8.0 | |
qt | qt | 5.9.0 | |
qt | qt | 5.10.0 | |
qt | qt | 5.10.1 | |
qt | qt | 5.11.0 | |
qt | qt | 5.11.1 | |
qt | qt | 5.11.2 | |
qt | qt | 5.11.3 | |
qt | qt | 5.12.0 | |
qt | qt | 5.12.1 | |
qt | qt | 5.12.2 | |
qt | qt | 5.12.3 | |
qt | qt | 5.12.4 | |
qt | qt | 5.13.0 | |
qt | qt | 5.14.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AE4473E-33BB-4953-9FC5-B3EE503A19E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA1E6864-005E-4843-8D76-AF7D687CF991", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCC41EE4-29DE-4F86-AEA5-179F6AC9F24B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F663AA25-2910-4D31-AD72-8BC8F76E9AE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DD2FCA0-F628-4164-8D32-8191A3004AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7AA598B-B954-4389-AEC4-6B8E7762D507", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5F566F5-FB40-4F63-BF93-C9253A828B13", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD5483AF-66FC-411D-A529-16C5CC8BD8A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C6827E6-7B15-423D-89C2-46B5E2D35961", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.11.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "58551C4F-EDA2-4AA3-9C5D-6FDF88C5746F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5CCC1DB-3BA9-48CB-ADEE-F1C74C88CC08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "9024B9F9-90B8-494F-950E-955E62A3C872", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "B54B9182-F8A0-45AA-99A8-A7424A7C34E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B63018D9-848B-4901-9DC9-CE6BBF0C2CDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "1DE2DA92-F05B-426C-8CE7-6DCC6AF6461D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E4018AD-55DB-4C13-A26B-ED1564E4C501", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "6EC8E8B7-299B-4E76-9DC7-8482BA357B5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD5AC67C-2634-49DB-9F97-C27498047C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8F2A2AC-F3DE-49E3-B0AF-3953ABD1C269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string." }, { "lang": "es", "value": "Las tuber\u00edas nombradas en qtsingleapp en QT 5.x, tal y como se usan en qBittorrent y SugarSync, est\u00e1n configuradas para que se puedan acceder de manera remota y permitan que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) mediante una cadena no especificada." 
} ], "id": "CVE-2017-15011", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-04T01:29:03.433", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.youtube.com/watch?v=m6zISgWPGGY" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:50
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html | Patch, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2135 | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3390 | ||
cve@mitre.org | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Third Party Advisory | |
cve@mitre.org | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Third Party Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/236691/ | Patch, Third Party Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/236691/ | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html | Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
cve@mitre.org | https://usn.ubuntu.com/4003-1/ | ||
cve@mitre.org | https://www.debian.org/security/2019/dsa-4374 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2135 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3390 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/236691/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/236691/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4003-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4374 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
opensuse | leap | 42.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "F92505F4-3A07-4D80-B85F-F4D3B351A92F", "versionEndExcluding": "5.11.3", "versionStartIncluding": "5.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document." }, { "lang": "es", "value": "QXmlStream en Qt 5.x en versiones anteriores a la 5.11.3 tiene una doble liberaci\u00f3n (double free) o una corrupci\u00f3n durante el an\u00e1lisis de un documento XML ilegal especialmente manipulado." 
} ], "id": "CVE-2018-15518", "lastModified": "2024-11-21T03:50:59.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-26T21:29:00.823", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, 
{ "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/#/c/236691/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-11 14:15
Modified
2024-11-21 05:58
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugreports.qt.io/browse/QTBUG-91507 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-91507 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA7FCB6B-872F-4900-A2CF-192AFECC4DFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "C0A66DBD-439D-45EA-BC80-502314D5B0AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "D47A6409-4A47-4963-9D77-DCC92668B6F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "28417B5D-0086-436E-9698-20E8C3E5E2E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "9EDDE01F-6F8A-412E-BFE3-5D0561629D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F869EA5F-9246-48B2-8BF0-BF68DA091750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "508C8F60-141E-4168-BCC8-114CD777D2E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "94F0B03A-ABD8-44AC-99D6-3232EC44DDE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "44C86D23-6D06-4A62-90C3-173852C1545B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E1FFE318-54E1-44B8-9164-696EE8CE280C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC14C9CB-1965-4659-8254-17EAB448616D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "B5846684-AB3C-4CF6-BEDB-660FDA8675DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "58B3621A-04A2-4302-9848-482B102895D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "EC7DBCDC-72EE-4C57-8E69-8A733A4F3602", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:qt:qt:6.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "D6212764-5B80-4340-8150-E8CD918ED396", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "3D2F8A83-BB1A-4938-B1CD-2B604C43D4CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EF6E8E02-CBCA-4AB3-8BDA-4177FEDECFF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "221D7C16-BB9A-4145-9D18-D68728AFBF3B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS)." } ], "id": "CVE-2021-28025", "lastModified": "2024-11-21T05:58:59.580", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-11T14:15:12.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-22 03:15
Modified
2024-11-21 08:05
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
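An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. Note: the CPE configuration in this record's JSON ends the 5.x range at 5.15.4 (versionEndExcluding), not at 5.15.14 as stated in this summary, so tooling that matches on the CPE range alone would not flag 5.15.4 through 5.15.13; check the installed version against the referenced vendor change rather than relying on either value alone.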
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/477644 | Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/477644 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B67B902C-4F68-4FD5-8A04-FFF6B1F1A738", "versionEndExcluding": "5.15.4", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "116DC3F0-630E-43F6-AD19-0ABB41CF3D70", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server." } ], "id": "CVE-2023-33285", "lastModified": "2024-11-21T08:05:20.157", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-22T03:15:09.720", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477644" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/477644" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-08-12 18:15
Modified
2024-11-21 05:08
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html | Broken Link | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html | Broken Link | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html | Broken Link | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html | Broken Link | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html | Broken Link | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html | Broken Link | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/308436 | Mailing List, Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/308495 | Mailing List, Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/308496 | Mailing List, Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/ | ||
cve@mitre.org | https://security.gentoo.org/glsa/202009-04 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/308436 | Mailing List, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/308495 | Mailing List, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/308496 | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202009-04 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | * | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2C737E0-DF07-47D9-AF8B-664A3857246A", "versionEndIncluding": "5.12.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AE6A48D-B484-4F13-861F-EFDB09D2A0FB", "versionEndExcluding": "5.15.1", "versionStartIncluding": "5.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Qt versiones hasta 5.12.9 y versiones 5.13.x hasta 5.15.x anteriores a 5.15.1. 
La funci\u00f3n read_xbm_body en el archivo gui/image/qxbmhandler.cpp presenta una lectura excesiva del b\u00fafer" } ], "id": "CVE-2020-17507", "lastModified": "2024-11-21T05:08:15.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-08-12T18:15:17.637", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202009-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/308496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202009-04" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": 
[ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-15 01:15
Modified
2024-11-21 07:48
Severity ?
Summary
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/456216 | Issue Tracking | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 | Permissions Required | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 | Permissions Required | |
cve@mitre.org | https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff | Vendor Advisory | |
cve@mitre.org | https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
cve@mitre.org | https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin | Product | |
cve@mitre.org | https://www.qt.io/blog/tag/security | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/456216 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.qt.io/blog/tag/security | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "82BC32FC-2B1F-4FD4-A368-DD37D7FCBA7E", "versionEndExcluding": "5.15.13", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "4911A94E-AA2F-4017-8702-0AF092FF809F", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DC66FEF-0D94-4464-B9F8-800A1F9424C0", "versionEndExcluding": "6.4.3", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3." } ], "id": "CVE-2023-24607", "lastModified": "2024-11-21T07:48:13.813", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-15T01:15:07.043", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://www.qt.io/blog/tag/security" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/456216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://www.qt.io/blog/tag/security" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-16 02:29
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | Issue Tracking, Vendor Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN27342829/index.html | Issue Tracking, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN27342829/index.html | Issue Tracking, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:android:*:*", "matchCriteriaId": "F88F399C-A111-4C03-8D1B-9F280F9F4BE0", "versionEndExcluding": "5.9.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors." }, { "lang": "es", "value": "Una vulnerabilidad en aplicaciones creadas mediante Qt para Android en versiones anteriores a la 5.9.3 permite que atacantes alteren variables del entorno mediante vectores sin especificar." } ], "id": "CVE-2017-10905", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-16T02:29:07.230", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": 
"https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://jvn.jp/en/jp/JVN27342829/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://jvn.jp/en/jp/JVN27342829/index.html" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, and 4.8.x before 4.8.5, when using certain versions of OpenSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582 | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html | ||
secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2013-January/000020.html | Vendor Advisory | |
secalert@redhat.com | http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29 | ||
secalert@redhat.com | http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29 | ||
secalert@redhat.com | http://secunia.com/advisories/52217 | Vendor Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/01/04/6 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1723-1 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=891955 | ||
secalert@redhat.com | https://codereview.qt-project.org/#change%2C42461 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2013-January/000020.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52217 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/01/04/6 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1723-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=891955 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#change%2C42461 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 (rc1) | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 | |
qt | qt | 4.6.4 | |
qt | qt | 4.7.0 | |
qt | qt | 4.7.1 | |
qt | qt | 4.7.2 | |
qt | qt | 4.7.3 | |
qt | qt | 4.7.4 | |
qt | qt | 4.7.5 | |
qt | qt | 4.7.6 (rc) | |
qt | qt | 4.8.0 | |
qt | qt | 4.8.1 | |
qt | qt | 4.8.2 | |
qt | qt | 4.8.3 | |
qt | qt | 4.8.4 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:rc:*:*:*:*:*:*", "matchCriteriaId": "89E6A634-D297-42AF-B001-48BCBB89C240", "versionEndIncluding": "4.6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*", "matchCriteriaId": 
"6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain 
versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate." }, { "lang": "es", "value": "La funci\u00f3n QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan ciertas versiones de openSSL, usa un dise\u00f1o de estructura incompatible que puede leer memoria desde una direcci\u00f3n erronea, lo que produce que Qt reporte un error incorrecto cuando el certificado de validaci\u00f3n falle y puede causar a los usuarios que hagan decisiones de seguridad inseguras para aceptar certificados." } ], "id": "CVE-2012-6093", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-24T19:55:00.907", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://lists.qt-project.org/pipermail/announce/2013-January/000020.html" }, { "source": "secalert@redhat.com", "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29" }, { "source": "secalert@redhat.com", "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52217" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955" }, { "source": "secalert@redhat.com", "url": "https://codereview.qt-project.org/#change%2C42461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52217" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/01/04/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C42461" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-12 17:15
Modified
2024-11-21 07:22
Severity ?
Summary
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B80CA217-D896-4BCF-B385-582CDF21DAD6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de enteros en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un c\u00f3digo JavaScript especialmente manipulado puede provocar un desbordamiento de enteros durante la asignaci\u00f3n de memoria, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. La aplicaci\u00f3n de destino necesitar\u00eda acceder a una p\u00e1gina web maliciosa para activar esta vulnerabilidad." 
} ], "id": "CVE-2022-40983", "lastModified": "2024-11-21T07:22:23.133", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-12T17:15:09.407", "references": [ { "source": "talos-cna@cisco.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617" } ], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "talos-cna@cisco.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-02 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 | ||
cve@mitre.org | http://secunia.com/advisories/36536 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/36702 | Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:225 | ||
cve@mitre.org | http://www.securityfocus.com/bid/36203 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-829-1 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/2499 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36536 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36702 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:225 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36203 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-829-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2499 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 (rc1) | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 | |
qt | qt | 4.6.4 | |
qt | qt | 4.7.0 | |
qt | qt | 4.7.1 | |
qt | qt | 4.7.2 | |
qt | qt | 4.7.3 | |
qt | qt | 4.7.4 | |
qt | qt | 4.7.5 | |
qt | qt | 4.8.0 | |
qt | qt | 4.8.1 | |
qt | qt | 4.8.2 | |
qt | qt | 4.8.3 | |
qt | qt | 4.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which 
allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." }, { "lang": "es", "value": "src/network/ssl/qsslcertificate.cpp en Nokia Trolltech Qt v4.x no gestiona adecuadamente el car\u00e1cter \u0027\\0\u0027en un nombre de dominio en el campo Subject Alternative Name field de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elecci\u00f3n a trav\u00e9s de certificados manipulados expedidos por una Autoridad de Certificaci\u00f3n leg\u00edtima, una cuesti\u00f3n relacionada con CVE-2009-2408." } ], "id": "CVE-2009-2700", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-02T17:30:00.797", "references": [ { "source": "cve@mitre.org", "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36536" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36702" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36203" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-829-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2499" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of qt and qt4 as shipped with Red Hat Enterprise Linux 3, 4, or 5. Affected code was introduced upstream in version 4.3.", "lastModified": "2009-09-03T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-1860
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2025-04-12 10:46
Summary
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html | Third Party Advisory | |
secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/74302 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2626-1 | ||
secalert@redhat.com | https://codereview.qt-project.org/#/c/108248/ | Patch | |
secalert@redhat.com | https://security.gentoo.org/glsa/201603-10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74302 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2626-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/108248/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201603-10 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 
and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer en gui/image/qgifhandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen GIF manipulada." } ], "id": "CVE-2015-1860", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-12T19:59:06.957", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74302" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/#/c/108248/" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/#/c/108248/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-9541
Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 02:40
Summary
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugreports.qt.io/browse/QTBUG-47417 | Vendor Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-47417 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "33FEDE1F-1137-4635-8549-C355C9180288", "versionEndExcluding": "5.12.8", "versionStartIncluding": "5.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564." }, { "lang": "es", "value": "Qt versiones hasta 5.14, permite un ataque de expansi\u00f3n de entidad XML exponencial por medio de un documento SVG dise\u00f1ado que es manejado inapropiadamente en la funci\u00f3n QXmlStreamReader, un problema relacionado con el CVE-2003-1564." 
} ], "id": "CVE-2015-9541", "lastModified": "2024-11-21T02:40:53.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T22:15:12.880", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-47417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-776" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2017-10904
Vulnerability from fkie_nvd
Published
2017-12-16 02:29
Modified
2025-04-20 01:37
Summary
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | Issue Tracking, Vendor Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN67389262/index.html | Issue Tracking, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/ | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN67389262/index.html | Issue Tracking, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:android:*:*", "matchCriteriaId": "9815918D-C797-4ED8-B408-A2AD28F4CC50", "versionEndExcluding": "5.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." }, { "lang": "es", "value": "Qt para Android en versiones anteriores a la 5.9.0 permite que los atacantes remotos ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar." } ], "id": "CVE-2017-10904", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-16T02:29:07.183", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" }, { 
"source": "vultures@jpcert.or.jp", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://jvn.jp/en/jp/JVN67389262/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://jvn.jp/en/jp/JVN67389262/index.html" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2010-5076
Vulnerability from fkie_nvd
Published
2012-06-29 19:55
Modified
2025-04-11 00:51
Summary
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 | Exploit, Patch | |
secalert@redhat.com | http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e | Patch | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-0880.html | ||
secalert@redhat.com | http://secunia.com/advisories/41236 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/49604 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/49895 | Vendor Advisory | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1504-1 | ||
secalert@redhat.com | http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt | ||
secalert@redhat.com | https://bugreports.qt-project.org/browse/QTBUG-4455 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-0880.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41236 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49604 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49895 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1504-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt-project.org/browse/QTBUG-4455 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
digia | qt | * | |
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5547662-C2D8-48C6-B1A5-7F929772EAA9", "versionEndIncluding": "4.6.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject\u0027s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." }, { "lang": "es", "value": "QSslSocket de Qt anteriores a 4.7.0-rc1 reconoce direcciones IP comod\u00edn en el campo \"Common Name\" del \"subject\" de un certificado X.509, lo que permite a atacantes \"man-in-the-middle\" suplantar servidores SSL arbitrarios a trav\u00e9s de un certificado modificado suministrado por una autoridad de certificaci\u00f3n leg\u00edtima." 
} ], "id": "CVE-2010-5076", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-29T19:55:01.563", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41236" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49604" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "secalert@redhat.com", "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" }, { "source": "secalert@redhat.com", "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-27 03:15
Modified
2025-06-30 12:17
Summary
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "D42CC99F-C212-4F89-84AB-1101C12474A8", "versionEndExcluding": "5.15.17", "versionStartIncluding": "5.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EEEF453-BD03-4E79-B8F8-50568F468534", "versionEndExcluding": "6.2.12", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A029D722-C66D-4F8C-8219-1845E86F3F0F", "versionEndExcluding": "6.5.5", "versionStartIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD7C249-EF02-4DD7-A5E2-FFCFD373C888", "versionEndExcluding": "6.6.2", "versionStartIncluding": "6.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en gui/util/qktxhandler.cpp en Qt antes de 5.15.17, 6.x antes de 6.2.12, 6.3.x hasta 6.5.x antes de 6.5.5 y 6.6.x antes de 6.6.2. Se puede producir un desbordamiento del b\u00fafer y un bloqueo de la aplicaci\u00f3n a trav\u00e9s de un archivo de imagen KTX manipulado." 
} ], "id": "CVE-2024-25580", "lastModified": "2025-06-30T12:17:16.113", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-03-27T03:15:12.007", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Summary
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html | Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2135 | ||
cve@mitre.org | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/234142/ | Issue Tracking, Patch, Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2135 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/234142/ | Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "09F12149-EFFA-4F50-948E-DBDEE0486972", "versionEndExcluding": "5.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp." }, { "lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen SVG mal formada provoca un fallo de segmentaci\u00f3n en qsvghandler.cpp." } ], "id": "CVE-2018-19869", "lastModified": "2024-11-21T03:58:43.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2018-12-26T21:29:02.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/234142/" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/234142/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-07-02 20:30
Modified
2025-04-11 00:51
Summary
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://aluigi.org/adv/qtsslame-adv.txt | ||
cve@mitre.org | http://aluigi.org/poc/qtsslame.zip | Exploit | |
cve@mitre.org | http://osvdb.org/65860 | ||
cve@mitre.org | http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 | ||
cve@mitre.org | http://secunia.com/advisories/40389 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/46410 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/41250 | Exploit | |
cve@mitre.org | http://www.vupen.com/english/advisories/2010/1657 | Vendor Advisory | |
cve@mitre.org | https://hermes.opensuse.org/messages/12056605 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://aluigi.org/adv/qtsslame-adv.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://aluigi.org/poc/qtsslame.zip | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/65860 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40389 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46410 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41250 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/1657 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/12056605 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
digia | qt | * | |
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9AE2922-1C8A-453D-BC5F-5F158DEB8607", "versionEndIncluding": "4.6.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request." }, { "lang": "es", "value": "La funci\u00f3n QSslSocketBackendPrivate::transmit en src_network_ssl_qsslsocket_openssl.cpp en Qt v4.6.3 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de una solicitud mal formada." } ], "id": "CVE-2010-2621", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-07-02T20:30:01.707", "references": [ { "source": "cve@mitre.org", "url": "http://aluigi.org/adv/qtsslame-adv.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://aluigi.org/poc/qtsslame.zip" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/65860" }, { "source": "cve@mitre.org", "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40389" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/46410" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/41250" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "source": "cve@mitre.org", "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.org/adv/qtsslame-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://aluigi.org/poc/qtsslame.zip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/65860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40389" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/41250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/12056605" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2025-02-11 20:11
Summary
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html | Mailing List | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html | Mailing List | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html | Mailing List | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html | Mailing List | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2135 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3390 | Third Party Advisory | |
cve@mitre.org | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/238749/ | Issue Tracking, Patch, Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | Mailing List | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | Mailing List | |
cve@mitre.org | https://usn.ubuntu.com/4003-1/ | Mailing List | |
cve@mitre.org | https://www.debian.org/security/2019/dsa-4374 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2135 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3390 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/238749/ | Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4003-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4374 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "0812A4D4-D12F-43A6-8A8C-31D117469838", "versionEndIncluding": "5.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "15A9B1B2-A6F8-4A49-AD5C-D5601B9C6311", "versionEndIncluding": "5.8.0", "versionStartIncluding": "5.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "829CF88F-26E4-4B18-8816-5062E7A6FD1E", "versionEndExcluding": "5.11.3", "versionStartIncluding": "5.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*", "matchCriteriaId": "C84D9410-31B7-421A-AD99-8ED2E45A9BC6", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:backports:sle-15:sp2:*:*:*:*:*:*", "matchCriteriaId": "2B7A2D58-B706-41B4-AC99-D51E317AA2D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data." }, { "lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. QBmpHandler tiene un desbordamiento de b\u00fafer mediante datos BMP." } ], "id": "CVE-2018-19873", "lastModified": "2025-02-11T20:11:38.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-26T21:29:02.480", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/238749/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], 
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/238749/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-12 02:15
Modified
2024-11-21 06:17
Severity ?
Summary
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml | Third Party Advisory | |
cve@mitre.org | https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/ | ||
cve@mitre.org | https://security.gentoo.org/glsa/202402-03 | ||
cve@mitre.org | https://wiki.qt.io/Qt_5.15_Release#Known_Issues | Issue Tracking, Release Notes, Vendor Advisory | |
cve@mitre.org | https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202402-03 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.qt.io/Qt_5.15_Release#Known_Issues | Issue Tracking, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders | Release Notes |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3DF360C-4ADC-4C67-802D-4E6651BE9782", "versionEndExcluding": "5.15.6", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "44ADCFEF-FA24-4424-94C4-A455F8E53CD2", "versionEndIncluding": "6.1.2", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke)." 
}, { "lang": "es", "value": "Qt 5.x antes de la versi\u00f3n 5.15.6 y 6.x hasta la versi\u00f3n 6.1.2 tiene una escritura fuera de l\u00edmites en QOutlineMapper::convertPath (llamada desde QRasterPaintEngine::fill y QPaintEngineEx::stroke)" } ], "id": "CVE-2021-38593", "lastModified": "2024-11-21T06:17:36.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-12T02:15:06.580", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202402-03" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "https://wiki.qt.io/Qt_5.15_Release#Known_Issues" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "https://wiki.qt.io/Qt_5.15_Release#Known_Issues" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-09 22:15
Modified
2024-11-21 05:16
Severity ?
Summary
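An issue has been fixed in Qt version 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. The NVD configuration data in this record lists Qt 5.6.0 up to (but excluding) 5.12.7 and Qt 5.13.0 through 5.13.2 as vulnerable, so the 5.12 LTS line should be checked against 5.12.7 rather than 5.14.0.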
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/280730 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/280730 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CEF5E43-A4E5-4B8F-A8FC-F61ED68F2838", "versionEndExcluding": "5.12.7", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FE43F06-DFE8-466D-A9BC-FEA2B1BC069B", "versionEndIncluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files." }, { "lang": "es", "value": "Es corregido un problema en Qt versiones 5.14.0, donde la funci\u00f3n QPluginLoader intenta cargar plugins relativos al directorio de trabajo, permitiendo a atacantes ejecutar c\u00f3digo arbitrario por medio de archivos dise\u00f1ados" } ], "id": "CVE-2020-24742", "lastModified": "2024-11-21T05:16:00.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-09T22:15:08.607", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/280730" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-04 21:15
Modified
2025-03-19 20:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/571601 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/571601 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E12B8628-DB3E-4ED1-9D7F-261C5895F69E", "versionEndExcluding": "5.15.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "838DE514-7032-40DC-AF57-1661CB8FAFB5", "versionEndExcluding": "6.2.13", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E25AAED6-E83F-4CB9-8CE2-428F76942B68", "versionEndExcluding": "6.5.7", "versionStartIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "1030EC9F-B558-4FA9-A31D-2053DEA52F3A", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en HTTP2 en Qt antes de 5.15.18, 6.x antes de 6.2.13, 6.3.x hasta 6.5.x antes de 6.5.7 y 6.6.x hasta 6.7.x antes de 6.7.3. El c\u00f3digo para tomar decisiones relevantes para la seguridad sobre una conexi\u00f3n establecida puede ejecutarse demasiado pronto, porque la se\u00f1al encrypted() a\u00fan no se ha emitido ni procesado." 
} ], "id": "CVE-2024-39936", "lastModified": "2025-03-19T20:15:18.770", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-04T21:15:10.180", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/571601" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-367" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-367" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-18 17:07
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P | ||
secalert@redhat.com | ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P | ||
secalert@redhat.com | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742 | ||
secalert@redhat.com | http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html | ||
secalert@redhat.com | http://secunia.com/advisories/22380 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22397 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22479 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22485 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22492 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22520 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22579 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22586 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22589 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22645 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22738 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22890 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/22929 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/24347 | Vendor Advisory | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200611-02.xml | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200703-06.xml | ||
secalert@redhat.com | http://securitytracker.com/id?1017084 | ||
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2006:186 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2006:187 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2006-0720.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2006-0725.html | Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/archive/1/449173/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/20599 | ||
secalert@redhat.com | http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/usn-368-1 | Patch | |
secalert@redhat.com | http://www.us.debian.org/security/2006/dsa-1200 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2006/4099 | Vendor Advisory | |
secalert@redhat.com | https://issues.rpath.com/browse/RPL-723 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22380 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22397 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22479 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22485 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22492 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22520 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22579 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22586 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22589 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22645 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22738 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22890 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22929 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24347 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200611-02.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200703-06.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017084 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.483634 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:186 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:187 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0720.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0725.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449173/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/20599 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-368-1 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us.debian.org/security/2006/dsa-1200 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4099 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-723 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D26BBF-106F-48C8-9D57-CF080486DB64", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BF63BD-E6FA-49AA-9627-7EDAD7939531", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "27EBEAE0-C1DF-46E4-9E2A-B333912A4950", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDBB15-4E26-48F0-A266-CA059CFEE596", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A07F27DC-47A4-4EF2-91CC-81863D015B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "58E53D3A-665D-4EEE-82EF-4EDBD194B475", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:kdelibs:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A5C548D-9A33-431C-9022-512B4B2DEC0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image." }, { "lang": "es", "value": "El desbordamiento de enteros en el Qt 3.3 versiones anteriores a 3.3.7, 4.1 anteriores a 4.1.5, y 4.2 anteriores a 4.2.1, como el usado en la librer\u00eda KDE khtml, kdelibs 3.1.3, y, posiblemente otros paquetes, permite a los atacantes remotos causar la denegaci\u00f3n de servicio (ca\u00edda) y la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen pixmap manipulada." } ], "id": "CVE-2006-4811", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-10-18T17:07:00.000", "references": [ { "source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P" }, { "source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742" }, { "source": "secalert@redhat.com", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/22380" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22397" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22479" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22485" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22492" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22520" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22579" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22586" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22589" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22645" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22738" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22890" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22929" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24347" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200611-02.xml" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200703-06.xml" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017084" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.483634" 
}, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0720.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0725.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/449173/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/20599" }, { "source": "secalert@redhat.com", "url": "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.ubuntu.com/usn/usn-368-1" }, { "source": "secalert@redhat.com", "url": "http://www.us.debian.org/security/2006/dsa-1200" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4099" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-723" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/22380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22479" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200611-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://security.gentoo.org/glsa/glsa-200703-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.483634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0720.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0725.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449173/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ubuntu.com/usn/usn-368-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.us.debian.org/security/2006/dsa-1200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10218" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat 
Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-13 02:15
Modified
2024-11-21 08:13
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/488960 | Patch | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/488960 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/ |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048", "versionEndExcluding": "5.15.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D034EA-7845-4FE1-BA22-0C12D61054B4", "versionEndExcluding": "6.2.10", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "87A37030-7537-4CA1-878E-5AFE90FCF259", "versionEndExcluding": "6.5.3", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion." } ], "id": "CVE-2023-38197", "lastModified": "2024-11-21T08:13:03.637", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-07-13T02:15:09.677", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/488960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": 
"Primary" }, { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/74309 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2626-1 | ||
secalert@redhat.com | https://codereview.qt-project.org/#/c/108312/ | Patch | |
secalert@redhat.com | https://security.gentoo.org/glsa/201603-10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74309 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2626-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/108312/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201603-10 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 
and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos del buffer en gui/image/qbmphandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen BMP manipulada." } ], "id": "CVE-2015-1858", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-12T19:59:04.880", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "secalert@redhat.com", "tags": [ "Third 
Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74309" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/#/c/108312/" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/#/c/108312/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-09 16:29
Modified
2024-11-21 02:25
Severity ?
Summary
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
References
▶ | URL | Tags | |
---|---|---|---|
chrome-cve-admin@google.com | http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 | ||
chrome-cve-admin@google.com | http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html | ||
chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html | ||
chrome-cve-admin@google.com | http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80 | ||
chrome-cve-admin@google.com | https://bugs.chromium.org/p/chromium/issues/detail?id=505374 | ||
chrome-cve-admin@google.com | https://codereview.chromium.org/1233453004 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/chromium/issues/detail?id=505374 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.chromium.org/1233453004 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1B0AC37-F785-404C-A69F-FA77E586466D", "versionEndExcluding": "44.0.2403.89", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DA8BCF4-1157-44BF-A11E-FC3C73204392", "versionEndExcluding": "5.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site." }, { "lang": "es", "value": "El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o ejecuten c\u00f3digo arbitrario mediante un sitio web manipulado." 
} ], "id": "CVE-2015-1290", "lastModified": "2024-11-21T02:25:05.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-09T16:29:00.257", "references": [ { "source": "chrome-cve-admin@google.com", "url": "http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "source": "chrome-cve-admin@google.com", "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "source": "chrome-cve-admin@google.com", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "source": "chrome-cve-admin@google.com", "url": "https://codereview.chromium.org/1233453004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nsfocus.net/index.php?act=advisory\u0026do=view\u0026adv_id=80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=505374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.chromium.org/1233453004" } ], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-23 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html | ||
secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2013-December/000036.html | ||
secalert@redhat.com | http://secunia.com/advisories/56008 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/56166 | Vendor Advisory | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2057-1 | ||
secalert@redhat.com | https://codereview.qt-project.org/#change%2C71010 | ||
secalert@redhat.com | https://codereview.qt-project.org/#change%2C71368 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2013-December/000036.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56008 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56166 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2057-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#change%2C71010 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#change%2C71368 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "73CA5980-1396-4C98-8745-90A8F9767B58", "versionEndIncluding": "5.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": false }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": false }, { "criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack." }, { "lang": "es", "value": "QXmlSimpleReader en Qt anterior a v5.2 permite a los atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante un ataque XML Entity Expansion (XEE)." 
} ], "id": "CVE-2013-4549", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-23T22:55:02.880", "references": [ { "source": "secalert@redhat.com", "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html" }, { "source": "secalert@redhat.com", "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56008" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56166" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2057-1" }, { "source": "secalert@redhat.com", "url": 
"https://codereview.qt-project.org/#change%2C71010" }, { "source": "secalert@redhat.com", "url": "https://codereview.qt-project.org/#change%2C71368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2057-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C71010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C71368" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-18 07:15
Modified
2024-11-21 08:23
Severity ?
Summary
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then it can cause the application to crash because of missing length checks.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/503026 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/503026 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F65E936-073F-4BA7-94D5-8B0FF18647DF", "versionEndExcluding": "5.15.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D034EA-7845-4FE1-BA22-0C12D61054B4", "versionEndExcluding": "6.2.10", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1D0B762-A0E6-4FAB-BC87-20AC3B0D2534", "versionEndExcluding": "6.5.3", "versionStartIncluding": "6.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Qt antes de 5.15.16, 6.x antes de 6.2.10 y 6.3.x a 6.5.x antes de 6.5.3 en Windows. Cuando se utiliza el motor de fuentes GDI, si se carga una fuente da\u00f1ada a trav\u00e9s de QFontDatabase::addApplicationFont{FromData], puede hacer que la aplicaci\u00f3n se bloquee debido a la falta de comprobaciones de longitud. 
" } ], "id": "CVE-2023-43114", "lastModified": "2024-11-21T08:23:42.967", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-18T07:15:38.333", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-03-21 07:15
Modified
2025-03-24 14:08
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
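encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). The NVD record for this entry classifies the issue as CWE-407 (inefficient algorithmic complexity) and scores it with low availability impact and no confidentiality or integrity impact. Its CPE ranges also list 5.15.19 and 6.5.9 as fixed boundaries for the 5.15 and 6.0–6.5 lines, in addition to 6.8.0.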
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE4D111C-B1A7-4A17-AA3D-4A7F81D81F82", "versionEndExcluding": "5.15.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "2052B596-AF66-4AB5-9353-7DF480123D7B", "versionEndExcluding": "6.5.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F90A01A-9D6A-4094-A589-D1188D83C9FE", "versionEndExcluding": "6.8.0", "versionStartIncluding": "6.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data)." }, { "lang": "es", "value": "encodeText en QDom en Qt anterior a 6.8.0 tiene un algoritmo complejo que implica la copia de una cadena XML y el reemplazo en l\u00ednea de partes de una cadena (con reubicaci\u00f3n de datos posteriores)." 
} ], "id": "CVE-2025-30348", "lastModified": "2025-03-24T14:08:36.513", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-03-21T07:15:37.673", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/581442" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-407" } ], "source": "cve@mitre.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-407" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-27 02:15
Modified
2024-11-21 04:59
Severity ?
Summary
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/291706 | Patch, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202007-38 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/291706 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202007-38 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4D50AA1-3D3A-463F-9015-4BB82D59E85B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock." }, { "lang": "es", "value": "setMarkdown en Qt versiones anteriores a la versi\u00f3n5.14.2, tiene una vulnerabilidad de uso de la memoria previamente liberada relacionada con la funci\u00f3n QTextMarkdownImporter::insertBlock." } ], "id": "CVE-2020-12267", "lastModified": "2024-11-21T04:59:24.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-27T02:15:12.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/291706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-38" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-24 21:15
Modified
2025-03-20 21:31
Severity ?
Summary
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/524864 | Patch, Product | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/524865/3 | Patch, Product | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/524864 | Patch, Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/524865/3 | Patch, Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | Mailing List, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9ED3-EDE9-4AA3-9ECB-9C63C5600879", "versionEndExcluding": "5.15.17", "versionStartIncluding": "5.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "3793E806-D388-440B-A9FE-9F3F38DA53C6", "versionEndExcluding": "6.2.11", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E200056B-1895-4D3A-809F-B8B70067240B", "versionEndExcluding": "6.5.4", "versionStartIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD7C249-EF02-4DD7-A5E2-FFCFD373C888", "versionEndExcluding": "6.6.2", "versionStartIncluding": "6.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en la implementaci\u00f3n de HTTP2 en Qt antes de 5.15.17, 6.x antes de 6.2.11, 6.3.x hasta 6.5.x antes de 6.5.4 y 6.6.x antes de 6.6.2. network/access/http2/hpacktable.cpp tiene una comprobaci\u00f3n de desbordamiento de enteros HPack incorrecta." 
} ], "id": "CVE-2023-51714", "lastModified": "2025-03-20T21:31:13.473", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-24T21:15:25.470", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Product" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Product" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Product" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Product" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/524865/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-22 15:15
Modified
2024-11-21 06:21
Severity ?
Summary
A flaw was found in Qt: an out-of-bounds read in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file, this flaw may lead to unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and application availability.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2021-3481 | Third Party Advisory | |
secalert@redhat.com | https://bugreports.qt.io/browse/QTBUG-91507 | Exploit, Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1931444 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://codereview.qt-project.org/c/qt/qtsvg/+/337646 | Vendor Advisory | |
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2021-3481 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-91507 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1931444 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtsvg/+/337646 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA7FCB6B-872F-4900-A2CF-192AFECC4DFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "C0A66DBD-439D-45EA-BC80-502314D5B0AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC14C9CB-1965-4659-8254-17EAB448616D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "2B6E9814-F9BA-4A0C-8420-DAAB4A810567", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability." }, { "lang": "es", "value": "Se ha encontrado un fallo en Qt. Se encontr\u00f3 una vulnerabilidad de lectura fuera de l\u00edmites en QRadialFetchSimd en el archivo qt/qtbase/src/gui/painting/qdrawhelper_p.h en Qt/Qtbase. Este fallo puede conllevar a un acceso no autorizado a la memoria al renderizar y mostrar un archivo Scalable Vector Graphics (SVG) dise\u00f1ado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad de la aplicaci\u00f3n." 
} ], "id": "CVE-2021-3481", "lastModified": "2024-11-21T06:21:38.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-22T15:15:13.363", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3481" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" }, { "source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-91507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-16 19:15
Modified
2024-11-21 06:51
Severity ?
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/393113 | Issue Tracking, Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/394914 | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/396020 | Patch, Release Notes, Vendor Advisory | |
cve@mitre.org | https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff | Patch, Vendor Advisory | |
cve@mitre.org | https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/393113 | Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/394914 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/396020 | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "37B45907-8F77-416A-BD0E-D0F395BF16E0", "versionEndExcluding": "5.15.9", "versionStartIncluding": "5.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "458A2EFF-9F2D-4D5E-9605-047B231B41EE", "versionEndExcluding": "6.2.4", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH." 
}, { "lang": "es", "value": "En Qt versiones 5.9.x hasta 5.15.x anteriores a 5.15.9 y versiones 6.x anteriores a 6.2.4 en Linux y UNIX, QProcess pod\u00eda ejecutar un binario del directorio de trabajo actual cuando no era encontrado en el PATH" } ], "id": "CVE-2022-25255", "lastModified": "2024-11-21T06:51:53.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-16T19:15:09.300", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-23 16:54
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.quassel-irc.org/issues/1244 | ||
secalert@redhat.com | http://quassel-irc.org/node/120 | ||
secalert@redhat.com | http://seclists.org/oss-sec/2013/q4/74 | ||
secalert@redhat.com | http://secunia.com/advisories/55194 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/55581 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201311-03.xml | ||
secalert@redhat.com | http://www.securityfocus.com/bid/62923 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/87805 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.quassel-irc.org/issues/1244 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://quassel-irc.org/node/120 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2013/q4/74 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55194 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55581 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201311-03.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62923 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/87805 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
quassel-irc | quassel_irc | * | |
quassel-irc | quassel_irc | 0.1.0 | |
quassel-irc | quassel_irc | 0.3.0 | |
quassel-irc | quassel_irc | 0.3.0.1 | |
quassel-irc | quassel_irc | 0.3.0.2 | |
quassel-irc | quassel_irc | 0.3.0.3 | |
quassel-irc | quassel_irc | 0.3.1 | |
quassel-irc | quassel_irc | 0.4.0 | |
quassel-irc | quassel_irc | 0.4.1 | |
quassel-irc | quassel_irc | 0.4.2 | |
quassel-irc | quassel_irc | 0.4.3 | |
quassel-irc | quassel_irc | 0.5.0 | |
quassel-irc | quassel_irc | 0.6.1 | |
quassel-irc | quassel_irc | 0.6.2 | |
quassel-irc | quassel_irc | 0.6.3 | |
quassel-irc | quassel_irc | 0.7.0 | |
quassel-irc | quassel_irc | 0.7.1 | |
quassel-irc | quassel_irc | 0.7.2 | |
quassel-irc | quassel_irc | 0.7.3 | |
quassel-irc | quassel_irc | 0.7.4 | |
quassel-irc | quassel_irc | 0.8.0 | |
postgresql | postgresql | 8.2 | |
postgresql | postgresql | 8.2.1 | |
postgresql | postgresql | 8.2.2 | |
postgresql | postgresql | 8.2.3 | |
postgresql | postgresql | 8.2.4 | |
postgresql | postgresql | 8.2.5 | |
postgresql | postgresql | 8.2.6 | |
postgresql | postgresql | 8.2.7 | |
postgresql | postgresql | 8.2.8 | |
postgresql | postgresql | 8.2.9 | |
postgresql | postgresql | 8.2.10 | |
postgresql | postgresql | 8.2.11 | |
postgresql | postgresql | 8.2.12 | |
postgresql | postgresql | 8.2.13 | |
postgresql | postgresql | 8.2.14 | |
postgresql | postgresql | 8.2.15 | |
postgresql | postgresql | 8.2.16 | |
postgresql | postgresql | 8.2.17 | |
postgresql | postgresql | 8.2.18 | |
postgresql | postgresql | 8.3 | |
postgresql | postgresql | 8.3.1 | |
postgresql | postgresql | 8.3.2 | |
postgresql | postgresql | 8.3.3 | |
postgresql | postgresql | 8.3.4 | |
postgresql | postgresql | 8.3.5 | |
postgresql | postgresql | 8.3.6 | |
postgresql | postgresql | 8.3.7 | |
postgresql | postgresql | 8.3.8 | |
postgresql | postgresql | 8.3.9 | |
postgresql | postgresql | 8.3.10 | |
postgresql | postgresql | 8.3.11 | |
postgresql | postgresql | 8.3.12 | |
postgresql | postgresql | 8.3.13 | |
postgresql | postgresql | 8.3.14 | |
postgresql | postgresql | 8.3.15 | |
postgresql | postgresql | 8.3.16 | |
postgresql | postgresql | 8.3.17 | |
postgresql | postgresql | 8.3.18 | |
postgresql | postgresql | 8.3.19 | |
postgresql | postgresql | 8.3.20 | |
postgresql | postgresql | 8.3.21 | |
postgresql | postgresql | 8.3.22 | |
postgresql | postgresql | 8.4 | |
postgresql | postgresql | 8.4.1 | |
postgresql | postgresql | 8.4.2 | |
postgresql | postgresql | 8.4.3 | |
postgresql | postgresql | 8.4.4 | |
postgresql | postgresql | 8.4.5 | |
postgresql | postgresql | 8.4.6 | |
postgresql | postgresql | 8.4.7 | |
postgresql | postgresql | 8.4.8 | |
postgresql | postgresql | 8.4.9 | |
postgresql | postgresql | 8.4.10 | |
postgresql | postgresql | 8.4.11 | |
postgresql | postgresql | 8.4.12 | |
postgresql | postgresql | 8.4.13 | |
postgresql | postgresql | 8.4.14 | |
postgresql | postgresql | 8.4.15 | |
postgresql | postgresql | 8.4.16 | |
postgresql | postgresql | 9.0 | |
postgresql | postgresql | 9.0.1 | |
postgresql | postgresql | 9.0.2 | |
postgresql | postgresql | 9.0.3 | |
postgresql | postgresql | 9.0.4 | |
postgresql | postgresql | 9.0.5 | |
postgresql | postgresql | 9.0.6 | |
postgresql | postgresql | 9.0.7 | |
postgresql | postgresql | 9.0.8 | |
postgresql | postgresql | 9.0.9 | |
postgresql | postgresql | 9.0.10 | |
postgresql | postgresql | 9.0.11 | |
postgresql | postgresql | 9.0.12 | |
postgresql | postgresql | 9.1 | |
postgresql | postgresql | 9.1.1 | |
postgresql | postgresql | 9.1.2 | |
postgresql | postgresql | 9.1.3 | |
postgresql | postgresql | 9.1.4 | |
postgresql | postgresql | 9.1.5 | |
postgresql | postgresql | 9.1.6 | |
postgresql | postgresql | 9.1.7 | |
postgresql | postgresql | 9.1.8 | |
postgresql | postgresql | 9.2 | |
postgresql | postgresql | 9.2.1 | |
postgresql | postgresql | 9.2.2 | |
postgresql | postgresql | 9.2.3 | |
quassel-irc | quassel_irc | * | |
quassel-irc | quassel_irc | 0.1.0 | |
quassel-irc | quassel_irc | 0.3.0 | |
quassel-irc | quassel_irc | 0.3.0.1 | |
quassel-irc | quassel_irc | 0.3.0.2 | |
quassel-irc | quassel_irc | 0.3.0.3 | |
quassel-irc | quassel_irc | 0.3.1 | |
quassel-irc | quassel_irc | 0.4.0 | |
quassel-irc | quassel_irc | 0.4.1 | |
quassel-irc | quassel_irc | 0.4.2 | |
quassel-irc | quassel_irc | 0.4.3 | |
quassel-irc | quassel_irc | 0.5.0 | |
quassel-irc | quassel_irc | 0.6.1 | |
quassel-irc | quassel_irc | 0.6.2 | |
quassel-irc | quassel_irc | 0.6.3 | |
quassel-irc | quassel_irc | 0.7.0 | |
quassel-irc | quassel_irc | 0.7.1 | |
quassel-irc | quassel_irc | 0.7.2 | |
quassel-irc | quassel_irc | 0.7.3 | |
quassel-irc | quassel_irc | 0.7.4 | |
quassel-irc | quassel_irc | 0.8.0 | |
qt | qt | 4.8.5 | |
qt | qt | 5.0.0 | |
qt | qt | 5.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:*:*:*:*:*:*:*:*", "matchCriteriaId": "170E86C5-BBF5-428C-ADA6-3A15EBDA4E19", "versionEndIncluding": "0.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1433FF02-5809-4437-81C9-F3DDBEEBDF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "757EAC47-2700-4328-91AA-E530629C1ACA", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C753CCF-AA7D-4691-87A2-E9D8E3C6B907", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "01E3D0A4-E754-4730-B926-FEDEE7967356", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A85C99B-79A9-4FAF-BA6F-C4137D9FA709", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "862BCFFB-C188-423B-B66B-B34E65958F9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "34CDFCD1-7992-4AAC-9357-1B20C477A3D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "297A53B8-257A-4730-A745-06451A993DF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "831DBB69-C22C-466A-AA01-F8D89AF2516B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A85F092-B58B-461C-A81C-C237EBEB9575", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E09B40EF-B855-4CE4-B1D2-9FEA960C2F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"E52C0DA4-45C8-4D40-9736-CCF133629C6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "68EE8417-05A3-4CAB-8540-20DD34EB6E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0887210F-24D0-4E24-87B4-0F07764CA891", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9FEC0F5-4EAE-48EE-848C-E3BD14CCE65D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "06385037-D229-4A07-B1A6-1989BDA19C79", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA572CB3-5A7F-4BBC-B01D-97412ECE3CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F7079BD-A592-4947-86CB-A1CEAC0B1207", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C40856E-C88B-42D1-B5A7-F1E1E5FFDD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EE7000F-0920-4CFC-8619-7C49F6120FF1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7213327F-6909-43A7-952E-11600C28D4E3", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "10EF0EA6-C8B6-40A7-A3AE-8639CA94D5C5", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D9F645F3-9767-4FD8-94EB-1096DF24E6C3", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C342A823-EF6F-4557-9F9E-D8893EA4C2BA", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B85A443F-0802-412F-9AEE-3525311C93D4", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "06253BA8-7F1E-4C79-9B2E-197307A627F0", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "2A213AB8-A5FE-4062-B895-2FC4B19F60A4", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "9A3F083E-59A8-41B1-826F-2CA39BD425C9", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DE49E2D5-8EAC-49C7-B704-E626FBE7EC35", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "A5059B2F-B588-463E-8E96-BC9DA129C12E", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C919AF97-9713-44F8-B742-89C438DB0B48", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "400BBC62-5D03-465B-A864-9CD479B963F8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "BC8C96F7-7F85-4E47-A05F-15E3C70AF583", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "6C236CF1-72C0-4C3D-AE04-B67E3F18EEC8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "ECC98D47-8B3C-4DE6-8C45-F5B92266027F", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "C170C441-619A-48DB-9332-05FA4E62C342", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "053A2531-CFAA-466D-811C-A6154826D596", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "84A3D04C-2739-474C-B659-CBCFA574198B", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "8D38CF1E-A944-4F7A-BECE-F8DF2589C873", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2A705DF-3654-427F-8B11-62DB0B6C9813", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "02FDCF30-D0F7-48AA-9633-9CC060495F47", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "788975F6-B3F1-4C21-B963-6BA59F14B71C", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6713D96-338B-4467-9F05-3153997F62E2", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "01EB1A77-92AD-47FB-8290-D05C9B6C19C4", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "74857259-30C7-422D-A24D-BE1E33F09466", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD80066B-787E-496B-88FD-F0AE291468C5", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "88C9F0AB-A125-4DCD-A02B-E04D4D95FB5D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "8FF13F89-F4C3-43EC-A36A-2F9283E923B8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "F2631F09-73DD-4A28-8082-3939D89DDBE0", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "82DDE9E7-EBF9-452B-8380-F9E87CF30ACA", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "4BAE68CF-198D-4F01-92F3-4DED7E50ACA6", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "EF798CBC-C8BB-4F88-A927-B385A0DD8F19", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "BF8F568F-7D23-4553-95C5-C7C6B6584EB7", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB64EA-DE7B-4CA4-8121-90612409152D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "7A932403-9187-471B-BE65-4B6907D57D1B", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "5CC6D76B-EF54-4F03-84BB-4CEAE31C4FFD", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "FE4CDA93-AEF6-489E-A5A1-BDC62BC9707B", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "6866FCCB-1E43-4D8A-BC89-F06CB7A904B5", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "1198129D-E814-4BB8-88DA-E500EB65E01D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.21:*:*:*:*:*:*:*", "matchCriteriaId": "1937DF43-31CA-4AB8-8832-96AAD73A7FCF", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.22:*:*:*:*:*:*:*", "matchCriteriaId": "59AC452F-3902-4E6C-856D-469C87AAC1C2", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C991F71-1E27-47A6-97DC-424FC3EF6011", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5740C7AA-1772-41D8-9851-3E3669CD8521", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "970338CD-A680-4DD0-BD27-459B0DDA4002", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E9E57FA-5EAE-4698-992D-146C6310E0B8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "87DF2937-9C51-4768-BAB1-901BCA636ADD", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "EA0EB754-7A71-40FA-9EAD-44914EB758C3", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "1089D316-D5A3-4F2D-9E52-57FD626A1D06", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "F17D9158-E85A-4436-9180-E8546CF8F290", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "64CBBE6E-8FDA-46AD-96A9-8C6CFFE97ABC", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "C7A0D13E-6B06-42E9-BEB9-C8FCC3A4E2ED", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:8.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "AB79FB06-4712-4DE8-8C0B-5CEE8530828D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "7054A3D4-8C52-4636-B135-1078B8DF1D5D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "A6763B2A-00C4-4AAB-8769-9AAEE4BAA603", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CCB718D2-97AA-4D61-AA4B-2216EEF55F67", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "605C06BF-54A0-40F8-A01E-8641B4A83035", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F1F5B75-78D5-408E-8148-CA23DCED9CBB", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F609DDE4-0858-4F83-B8E6-7870196E21CB", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "349F02AF-013E-4264-9717-010293A3D6E4", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "047926F2-846A-4870-9640-9A4F2804D71B", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BB0165D8-0BFA-4D46-95A3-45A03DC086FB", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "1D6CF6A0-43DC-4C64-A3C4-01EB36F6672B", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:9.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1E8251C0-9CAE-4608-BC11-75646A601408", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "AC024E5D-122D-4E3D-AD24-759AB5940F20", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "723336B5-405A-4236-A507-2C26E591CF49", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796DBEC-FF4F-4749-90D5-AD83D8B5E086", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "79108278-D644-4506-BD9C-F464C6E817B7", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "10CF0AA0-41CD-4D50-BA7A-BF8846115C95", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "965E1A9D-BB23-4C0B-A9CA-54A1855055B1", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1F37C66-0AFE-4D59-8867-BDBCE656774E", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE53AE6-232C-4068-98D1-7749007C3CFD", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FFD38139-FD17-41E7-8D10-7731D8203CFC", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CCC0B41F-38FF-4D41-9E31-D666A84BB2FC", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "A591CB08-5CEB-45EB-876F-417DCD60AF53", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD27648F-E2FF-4779-97F9-2632DCC6B16D", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEFB4916-8B59-4534-804C-CF9DA1B18508", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3413A3AB-45A3-48E1-9B30-1194C4E7D49D", "vulnerable": false }, { "criteria": "cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "5760CE83-4802-42A0-9338-E1E634882450", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:*:*:*:*:*:*:*:*", "matchCriteriaId": "170E86C5-BBF5-428C-ADA6-3A15EBDA4E19", "versionEndIncluding": "0.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1433FF02-5809-4437-81C9-F3DDBEEBDF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "757EAC47-2700-4328-91AA-E530629C1ACA", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C753CCF-AA7D-4691-87A2-E9D8E3C6B907", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "01E3D0A4-E754-4730-B926-FEDEE7967356", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A85C99B-79A9-4FAF-BA6F-C4137D9FA709", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "862BCFFB-C188-423B-B66B-B34E65958F9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "34CDFCD1-7992-4AAC-9357-1B20C477A3D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "297A53B8-257A-4730-A745-06451A993DF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quassel-irc:quassel_irc:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "831DBB69-C22C-466A-AA01-F8D89AF2516B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A85F092-B58B-461C-A81C-C237EBEB9575", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E09B40EF-B855-4CE4-B1D2-9FEA960C2F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E52C0DA4-45C8-4D40-9736-CCF133629C6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "68EE8417-05A3-4CAB-8540-20DD34EB6E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0887210F-24D0-4E24-87B4-0F07764CA891", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9FEC0F5-4EAE-48EE-848C-E3BD14CCE65D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "06385037-D229-4A07-B1A6-1989BDA19C79", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA572CB3-5A7F-4BBC-B01D-97412ECE3CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F7079BD-A592-4947-86CB-A1CEAC0B1207", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C40856E-C88B-42D1-B5A7-F1E1E5FFDD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:quassel-irc:quassel_irc:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EE7000F-0920-4CFC-8619-7C49F6120FF1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "581FF62C-BD93-485C-A5BA-E5EBFEDC45C9", "vulnerable": false }, 
{ "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": false }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Quassel IRC anterior a la versi\u00f3n 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de una \\ (barra invertida) en un mensaje." } ], "id": "CVE-2013-4422", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-23T16:54:28.907", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.quassel-irc.org/issues/1244" }, { "source": "secalert@redhat.com", "url": "http://quassel-irc.org/node/120" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/74" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55194" }, { 
"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55581" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/62923" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.quassel-irc.org/issues/1244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://quassel-irc.org/node/120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q4/74" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-24 01:15
Modified
2025-06-30 12:15
Severity
6.5 (MEDIUM), CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:6.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F9BC986-6B1D-4120-8D3E-6AD8C7BC644E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "2DC7A07E-00FD-4FF9-A805-B912225AF881", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F923B539-94AE-426D-B7FB-367101FFA7A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)" }, { "lang": "es", "value": "En Qt anterior a 6.5.6 y 6.6.x anterior a 6.6.3, el componente wasm puede acceder a los datos del encabezado QNetworkReply a trav\u00e9s de un puntero colgante." } ], "id": "CVE-2024-30161", "lastModified": "2025-06-30T12:15:59.373", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-03-24T01:15:45.583", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/544314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/544314" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2025-04-12 10:46
Severity
6.8 (MEDIUM), CVSS v2.0 vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/74307 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.securityfocus.com/bid/74310 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2626-1 | ||
secalert@redhat.com | https://security.gentoo.org/glsa/201603-10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2015-April/000067.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74307 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74310 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2626-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201603-10 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt 
before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer en plugins/imageformats/ico/qicohandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen ICO manipulada." } ], "id": "CVE-2015-1859", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-12T19:59:05.957", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74307" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74310" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.securityfocus.com/bid/74310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2626-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-5624 — Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:P/I:N/A:N; source nvd@nist.gov)
Summary
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html | ||
secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2012-November/000014.html | ||
secalert@redhat.com | http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 | ||
secalert@redhat.com | http://secunia.com/advisories/52217 | Vendor Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/12/04/8 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1723-1 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=883415 | ||
secalert@redhat.com | https://codereview.qt-project.org/#change%2C40034 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2012-November/000014.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52217 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/12/04/8 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1723-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=883415 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#change%2C40034 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
digia | qt | * | |
qt | qt | 1.41 | |
qt | qt | 1.42 | |
qt | qt | 1.43 | |
qt | qt | 1.44 | |
qt | qt | 1.45 | |
qt | qt | 2.0.0 | |
qt | qt | 2.0.1 | |
qt | qt | 2.0.2 | |
qt | qt | 3.3.0 | |
qt | qt | 3.3.1 | |
qt | qt | 3.3.2 | |
qt | qt | 3.3.3 | |
qt | qt | 3.3.4 | |
qt | qt | 3.3.5 | |
qt | qt | 3.3.6 | |
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 | |
qt | qt | 4.6.4 | |
qt | qt | 4.6.5 | |
qt | qt | 4.6.5 | |
qt | qt | 4.7.0 | |
qt | qt | 4.7.1 | |
qt | qt | 4.7.2 | |
qt | qt | 4.7.3 | |
qt | qt | 4.7.4 | |
qt | qt | 4.7.5 | |
qt | qt | 4.7.6 | |
qt | qt | 4.7.6 | |
qt | qt | 4.8.0 | |
qt | qt | 4.8.1 | |
qt | qt | 4.8.2 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F547829-91BE-4BF6-A19E-E592BC15FD8A", "versionEndIncluding": "4.8.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "57FBB4FA-43C6-432F-94FD-BAADF4DD7CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "30245B99-C5CB-4FDA-B70F-2CB7FA7BDF43", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "EA9FC7F3-02BD-485A-AA1B-C5067F384683", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "DBA3424C-8257-445D-A9DC-1CD562651DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "D954A35A-9BB8-4415-910D-C4AAEA2F5664", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "67C5548D-2A34-4AAE-A43F-373D4C7F5B4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E4F51F-52B4-4AB9-926C-EEDAC2052E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D6D3319-130D-49BF-8395-90E9F4D8583C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D26BBF-106F-48C8-9D57-CF080486DB64", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BF63BD-E6FA-49AA-9627-7EDAD7939531", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "27EBEAE0-C1DF-46E4-9E2A-B333912A4950", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDBB15-4E26-48F0-A266-CA059CFEE596", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A07F27DC-47A4-4EF2-91CC-81863D015B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "58E53D3A-665D-4EEE-82EF-4EDBD194B475", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "510C5795-4E61-470F-BE62-A6732F4F0341", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.5:rc:*:*:*:*:*:*", "matchCriteriaId": "88365332-FA7E-42A6-BC52-4517EAAC90B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "8A505785-5597-4F5D-99A3-D143C1CCBFBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.6:rc:*:*:*:*:*:*", "matchCriteriaId": "6E5EF3D1-6BD5-4488-A18C-79E26E87CFA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application." }, { "lang": "es", "value": "El objeto XMLHttpRequest en Qt anterior a v4.8.4 permite la redirecci\u00f3n http al fichero scheme, lo que permite llevar a atacantes de hombre-en-medio (man-in-the-middle) forzar la lectura de ficheros locales arbitrarios y posiblemente obtener informaci\u00f3n sensible mediante un fichero: URL para una aplicaci\u00f3n QML." 
} ], "evaluatorComment": "Per http://www.ubuntu.com/usn/USN-1723-1/\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\r\n Ubuntu 10.04 LTS\r\n", "id": "CVE-2012-5624", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-24T19:55:00.830", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "source": "secalert@redhat.com", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "source": "secalert@redhat.com", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52217" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" }, { "source": "secalert@redhat.com", "url": 
"https://codereview.qt-project.org/#change%2C40034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1723-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://codereview.qt-project.org/#change%2C40034" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-0254 — Vulnerability from fkie_nvd
Published
2013-02-06 12:05
Modified
2025-04-11 00:51
Severity: LOW (CVSS v2 base score 3.6, vector AV:L/AC:L/Au:N/C:P/I:P/A:N; source nvd@nist.gov)
Summary
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html | ||
secalert@redhat.com | http://lists.qt-project.org/pipermail/announce/2013-February/000023.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-0669.html | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=907425 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.qt-project.org/pipermail/announce/2013-February/000023.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0669.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=907425 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | 1.41 | |
qt | qt | 1.42 | |
qt | qt | 1.43 | |
qt | qt | 1.44 | |
qt | qt | 1.45 | |
qt | qt | 2.0.0 | |
qt | qt | 2.0.1 | |
qt | qt | 2.0.2 | |
qt | qt | 3.3.0 | |
qt | qt | 3.3.1 | |
qt | qt | 3.3.2 | |
qt | qt | 3.3.3 | |
qt | qt | 3.3.4 | |
qt | qt | 3.3.5 | |
qt | qt | 3.3.6 | |
qt | qt | 4.0.0 | |
qt | qt | 4.0.1 | |
qt | qt | 4.1.0 | |
qt | qt | 4.1.1 | |
qt | qt | 4.1.2 | |
qt | qt | 4.1.3 | |
qt | qt | 4.1.4 | |
qt | qt | 4.1.5 | |
qt | qt | 4.2.0 | |
qt | qt | 4.2.1 | |
qt | qt | 4.2.3 | |
qt | qt | 4.3.0 | |
qt | qt | 4.3.1 | |
qt | qt | 4.3.2 | |
qt | qt | 4.3.3 | |
qt | qt | 4.3.4 | |
qt | qt | 4.3.5 | |
qt | qt | 4.4.0 | |
qt | qt | 4.4.1 | |
qt | qt | 4.4.2 | |
qt | qt | 4.4.3 | |
qt | qt | 4.5.0 | |
qt | qt | 4.5.1 | |
qt | qt | 4.5.2 | |
qt | qt | 4.5.3 | |
qt | qt | 4.6.0 | |
qt | qt | 4.6.1 | |
qt | qt | 4.6.2 | |
qt | qt | 4.6.3 | |
qt | qt | 4.6.4 | |
qt | qt | 4.6.5 | |
qt | qt | 4.7.0 | |
qt | qt | 4.7.1 | |
qt | qt | 4.7.2 | |
qt | qt | 4.7.3 | |
qt | qt | 4.7.4 | |
qt | qt | 4.7.5 | |
qt | qt | 4.7.6 | |
qt | qt | 4.8.0 | |
qt | qt | 4.8.1 | |
qt | qt | 4.8.2 | |
qt | qt | 4.8.3 | |
qt | qt | 4.8.4 | |
qt | qt | 4.8.5 | |
qt | qt | 5.0.0 | |
qt | qt | 5.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "57FBB4FA-43C6-432F-94FD-BAADF4DD7CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "30245B99-C5CB-4FDA-B70F-2CB7FA7BDF43", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "EA9FC7F3-02BD-485A-AA1B-C5067F384683", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "DBA3424C-8257-445D-A9DC-1CD562651DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "D954A35A-9BB8-4415-910D-C4AAEA2F5664", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "67C5548D-2A34-4AAE-A43F-373D4C7F5B4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E4F51F-52B4-4AB9-926C-EEDAC2052E34", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D6D3319-130D-49BF-8395-90E9F4D8583C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D26BBF-106F-48C8-9D57-CF080486DB64", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "026716CE-6BA5-4FC4-8BD3-BF5430DEBE99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "52BF63BD-E6FA-49AA-9627-7EDAD7939531", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "27EBEAE0-C1DF-46E4-9E2A-B333912A4950", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDBB15-4E26-48F0-A266-CA059CFEE596", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "A07F27DC-47A4-4EF2-91CC-81863D015B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "58E53D3A-665D-4EEE-82EF-4EDBD194B475", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"D848BD49-3C88-4458-B8AB-AAD8DEB790BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "510C5795-4E61-470F-BE62-A6732F4F0341", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "8A505785-5597-4F5D-99A3-D143C1CCBFBD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B307395A-36B6-4F54-92C9-D732580F3EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:4.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "581FF62C-BD93-485C-A5BA-E5EBFEDC45C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server." }, { "lang": "es", "value": "La clase QSharedMemory en Qt v5.0.0, v4.8.x anterior a v4.8.5, v4.7.x anterior a v4.7.6, y otras versiones incluida la v4.4.0 utiliza permisos d\u00e9biles (escritura y lectura para todos los usuarios) para segmentos de memoria compartida, lo que permite a usuarios locales leer informacion sensible o modificar datos cr\u00edticos del programa, como se demostr\u00f3 mediante la lectura de un pixmap enviado al servidor X." 
} ], "id": "CVE-2013-0254", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-06T12:05:43.647", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0669.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907425" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-28 23:15
Modified
2025-03-05 18:52
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens when the letter case of the header name does not exactly match the form Qt Network expects (HTTP header field names are case-insensitive, so a server may send this header in any case).
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/476140 | Patch | |
cve@mitre.org | https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305 | Patch | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | Third Party Advisory | |
cve@mitre.org | https://lists.qt-project.org/pipermail/announce/2023-May/000414.html | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/476140 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.qt-project.org/pipermail/announce/2023-May/000414.html | Mailing List, Patch |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E4BEFC6-2BE4-4E9E-8357-AE2243D6A6E5", "versionEndExcluding": "5.15.14", "versionStartIncluding": "5.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "116DC3F0-630E-43F6-AD19-0ABB41CF3D70", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match." 
} ], "id": "CVE-2023-32762", "lastModified": "2025-03-05T18:52:55.280", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-28T23:15:09.570", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476140" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000414.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-28 21:15
Modified
2024-11-21 04:02
Severity ?
Summary
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugreports.qt.io/browse/QTBUG-70693 | Exploit, Third Party Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-70693 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0679A9C-0004-4EB6-8813-78FFB72F7680", "versionEndIncluding": "5.14.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)." }, { "lang": "es", "value": "En Qt versiones hasta 5.14.1, la implementaci\u00f3n de WebSocket acepta hasta 2GB para tramas y 2GB para mensajes. Los l\u00edmites m\u00e1s peque\u00f1os no pueden ser configurados. Esto hace m\u00e1s f\u00e1cil para los atacantes causar una denegaci\u00f3n de servicio (consumo de memoria)" } ], "id": "CVE-2018-21035", "lastModified": "2024-11-21T04:02:44.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "cve@mitre.org", "type": "Secondary" } ], 
"cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-28T21:15:12.790", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-70693" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-70693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-10 06:15
Modified
2025-01-27 21:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
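In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. The record below classifies the weakness as CWE-369 (Divide By Zero) and scores it as an availability-only impact that requires user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).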
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtsvg/+/474093 | Patch | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtsvg/+/474093 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | * | |
qt | qt | * | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "006030F9-35BF-489D-8C3F-14ECF93518C3", "versionEndExcluding": "5.15.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "116DC3F0-630E-43F6-AD19-0ABB41CF3D70", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled." 
} ], "id": "CVE-2023-32573", "lastModified": "2025-01-27T21:15:11.243", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-10T06:15:19.070", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtsvg/+/474093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-02 15:15
Modified
2024-11-21 06:52
Severity ?
Summary
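Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Note: the download.qt.io patch file names in the references below contain "CVE-2022-25643", which differs from this record's ID (CVE-2022-25634); the digits appear transposed in the file names, so locate the patches by URL rather than by searching for the CVE ID.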
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/396440 | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/396689 | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690 | Broken Link | |
cve@mitre.org | https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff | Patch, Vendor Advisory | |
cve@mitre.org | https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/396440 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/396689 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE0E420-E881-4893-948F-4ED9C590E2BC", "versionEndIncluding": "5.15.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "34D0AEC9-E2D5-4E2D-9099-3A257273BB27", "versionEndIncluding": "6.2.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory." }, { "lang": "es", "value": "Qt versiones hasta 5.15.8 y versiones 6.x hasta 6.2.3, pueden cargar archivos de biblioteca del sistema desde un directorio de trabajo no deseado" } ], "id": "CVE-2022-25634", "lastModified": "2024-11-21T06:52:28.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-02T15:15:08.277", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 04:53
Severity ?
Summary
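Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Note: although this description names only Intel products, the configurations in this record also mark Qt 5.0.0 through 5.13.2 and several Debian, Ubuntu and openSUSE releases as vulnerable, so Qt inventories should be checked against this entry as well.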
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
intel | ax201_firmware | * | |
intel | ax201 | - | |
intel | ax200_firmware | * | |
intel | ax200 | - | |
intel | ac_9560_firmware | * | |
intel | ac_9560 | - | |
intel | ac_9462_firmware | * | |
intel | ac_9462 | - | |
intel | ac_9461_firmware | * | |
intel | ac_9461 | - | |
intel | ac_9260_firmware | * | |
intel | ac_9260 | - | |
intel | ac_8265_firmware | * | |
intel | ac_8265 | - | |
intel | ac_8260_firmware | * | |
intel | ac_8260 | - | |
intel | ac_3168_firmware | * | |
intel | ac_3168 | - | |
intel | 7265_firmware | * | |
intel | 7265 | - | |
intel | ac_3165_firmware | * | |
intel | ac_3165 | - | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
opensuse | leap | 15.1 | |
qt | qt | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ax201_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FE813C6-E7E3-47CE-BE67-1CAF309E0FE1", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*", "matchCriteriaId": "4649D446-130B-4B31-B9ED-BA7F9F7EEB8F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ax200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD322BEE-2ECD-4609-83CA-C8872626E971", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9903E2E-A670-40D4-8B9F-D2C0CFDBFC9F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_9560_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "18BC7557-FA1D-4167-9603-8FDE808EACAD", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*", "matchCriteriaId": "D382D4A1-C8FD-4B47-B2C4-145232EC8AC5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_9462_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FD0347A-0E52-485A-83A7-A81B49291E83", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E89EB0D-233A-486A-BDAE-F5726432CD7E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_9461_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"C08E0594-9993-467A-B4D8-1F1249F60901", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*", "matchCriteriaId": "A11E55E8-5FA9-4ED7-AB61-03F22EE1759B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_9260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DAC7879-1154-44B5-BC95-1AF773635972", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2795E42-D044-4D48-BCB2-61CC1A3471B1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_8265_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B11EBD5-6001-4C17-A8F4-DECAD3A013D5", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*", "matchCriteriaId": "C08E2F3E-C4B5-4227-A88D-C50E209A12CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_8260_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D020CC57-8C1D-45CE-A64B-635D6367FC67", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5A8F30C-6BB7-4CC6-ADBE-1859DAF66C58", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_3168_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0840C384-D43E-4298-9BD6-664D188D8A33", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { 
"cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED5B2BCE-2D8A-440C-B866-76E035314022", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:7265_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D16BDDDC-B281-41BA-802A-E626B472C366", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:7265:-:*:*:*:*:*:*:*", "matchCriteriaId": "F957A9E7-E2D2-48D7-8E4D-B264A72C59C3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:intel:ac_3165_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B99E6CF2-DB88-496B-B9B2-A533AA537C61", "versionEndExcluding": "21.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*", "matchCriteriaId": "197A3DA1-B8EF-438F-B933-32253C43C8EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4FC86A8-54E9-4A65-BE62-13D7D194F5A4", "versionEndIncluding": "5.13.2", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access." }, { "lang": "es", "value": "Una escritura fuera de l\u00edmites en los productos Intel\u00ae PROSet/Wireless WiFi en Windows 10 puede habilitar a un usuario autenticado para permitir potencialmente una denegaci\u00f3n de servicio por medio de un acceso local" } ], "id": "CVE-2020-0569", "lastModified": "2024-11-21T04:53:46.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": 
"NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-23T17:15:12.187", "references": [ { "source": "secure@intel.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-09 00:15
Modified
2024-11-21 05:02
Severity ?
Summary
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://bugreports.qt.io/browse/QTBUG-83450 | Issue Tracking, Vendor Advisory | |
cve@mitre.org | https://github.com/mumble-voip/mumble/issues/3679 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/mumble-voip/mumble/pull/4032 | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/ | ||
cve@mitre.org | https://security.gentoo.org/glsa/202007-18 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-83450 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mumble-voip/mumble/issues/3679 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mumble-voip/mumble/pull/4032 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202007-18 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mumble:mumble:1.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "24EBDE3F-51DC-4E90-B214-5370E19D7653", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9AB8E0-BB7E-4EC8-991F-2A2D826B0032", "versionEndExcluding": "5.12.9", "versionStartIncluding": "5.12.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FE43F06-DFE8-466D-A9BC-FEA2B1BC069B", "versionEndIncluding": "5.13.2", "versionStartIncluding": "5.13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "044BF1F4-4129-47C8-BEF5-DD15555D9A98", "versionEndIncluding": "5.14.2", "versionStartIncluding": "5.14.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL\u0027s error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. 
(Mumble 1.3.1 is not affected, regardless of the Qt version.)" }, { "lang": "es", "value": "Qt versiones 5.12.2 hasta 5.14.2, como es usado en compilaciones no oficiales de Mumble versi\u00f3n 1.3.0 y otros productos, maneja inapropiadamente la cola de errores de OpenSSL, lo que puede ser capaz de causar una denegaci\u00f3n de servicio a usuarios de QSslSocket. Debido a que los errores se filtran en sesiones TLS no relacionadas, una sesi\u00f3n no relacionada puede ser desconectada cuando se comete un fallo en cualquier protocolo de enlace. (Mumble versi\u00f3n 1.3.1 no est\u00e1 afectado, independientemente de la versi\u00f3n Qt)" } ], "id": "CVE-2020-13962", "lastModified": "2024-11-21T05:02:14.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-09T00:15:10.123", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { 
"source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-83450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/mumble-voip/mumble/issues/3679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/mumble-voip/mumble/pull/4032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-18" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-05 11:29
Modified
2024-11-21 03:58
Severity ?
Summary
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/243666/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/244569/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/244687/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/244845/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/245283/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/245293/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/245312/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/245638/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/245640/ | Patch, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/246630/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/243666/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/244569/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/244687/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/244845/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/245283/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/245293/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/245312/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/245638/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/245640/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/246630/ | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "29ED6A3C-675B-4254-B941-FD2E0CAE94CD", "versionEndIncluding": "5.7.1", "versionStartIncluding": "5.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "50D8AFDB-623E-4CE6-B74F-B99139FAC3D0", "versionEndIncluding": "5.9.7", "versionStartIncluding": "5.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADA1C96C-68EA-431D-8FDA-394C20160C7E", "versionEndIncluding": "5.10.1", "versionStartIncluding": "5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "97E1D882-E815-43F3-ACE6-0F4E31F604EC", "versionEndExcluding": "5.11.3", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DD2FCA0-F628-4164-8D32-8191A3004AFD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3." }, { "lang": "es", "value": "Se ha descubierto un problema de registro de pulsaciones del teclado en Virtual Keyboard en Qt, en versiones 5.7.x, 5.8.x, 5.9.x, 5.10.x y versiones 5.11.x anteriores a la 5.11.3." 
} ], "id": "CVE-2018-19865", "lastModified": "2024-11-21T03:58:43.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-05T11:29:06.017", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/243666/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244569/" }, { "source": "cve@mitre.org", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244687/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244845/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245283/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245293/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245312/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245638/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245640/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/246630/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/243666/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244569/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244687/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/244845/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245283/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245293/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245312/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245638/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/245640/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/246630/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-26 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:owncloud:owncloud_desktop_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A647DF5-F980-495F-A978-FF2C7CD4932D", "versionEndIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression." }, { "lang": "es", "value": "ownCloud Desktop Client en versiones anteriores a 2.0.1, cuando es compliado con un lanzamiento de Qt en versiones posteriores a 5.3.x, no llama a QNetworkReply::ignoreSslErrors con la lista de errores para ser ignorados, lo que hace m\u00e1s f\u00e1cil para atacantes remotos llevar a cabo ataques man-in-the-middle (MITM) aprovechando un servidor utilizando un certificado autofirmado. NOTA: esta vulnerabilidad existe a causa de una regresi\u00f3n parcial de CVE-2015-4456." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/297.html\" target=\"_blank\"\u003eCWE-297: Improper Validation of Certificate with Host Mismatch\u003c/a\u003e", "id": "CVE-2015-7298", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-26T14:59:10.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-016" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-14 19:15
Modified
2024-11-21 04:53
Severity ?
Summary
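Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. (The three versions are the fixed releases of separate branches, not one cumulative bound: per the CPE ranges in the record below, the affected releases are those before 5.9.10, 5.10.0 up to but excluding 5.12.7, and 5.13.0 up to but excluding 5.14.0.)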
References
▶ | URL | Tags | |
---|---|---|---|
secure@intel.com | https://bugreports.qt.io/browse/QTBUG-81272 | Exploit, Patch, Vendor Advisory | |
secure@intel.com | https://bugzilla.redhat.com/show_bug.cgi?id=1800604 | Issue Tracking, Patch, Third Party Advisory | |
secure@intel.com | https://lists.qt-project.org/pipermail/development/2020-January/038534.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-81272 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1800604 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.qt-project.org/pipermail/development/2020-January/038534.html | Mailing List, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
qt | qt | * | |
qt | qt | * | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE712F0E-F718-44F5-8D3C-9597BDCFA7F2", "versionEndExcluding": "5.9.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C20C537-CE28-4732-BCE7-531147012FE4", "versionEndExcluding": "5.12.7", "versionStartIncluding": "5.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F04F7C8-9824-4D94-A968-E86D2FD8C81E", "versionEndExcluding": "5.14.0", "versionStartIncluding": "5.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access." 
}, { "lang": "es", "value": "Una ruta de b\u00fasqueda no controlada en QT Library versiones anteriores a 5.14.0, 5.12.7 y 5.9.10, puede permitir a un usuario autenticado habilitar potencialmente una elevaci\u00f3n de privilegios por medio un acceso local" } ], "id": "CVE-2020-0570", "lastModified": "2024-11-21T04:53:46.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-14T19:15:10.583", "references": [ { "source": "secure@intel.com", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "source": "secure@intel.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "source": "secure@intel.com", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", 
"Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-81272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.qt-project.org/pipermail/development/2020-January/038534.html" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-426" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 03:58
Severity ?
Summary
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2135 | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3390 | ||
cve@mitre.org | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
cve@mitre.org | https://codereview.qt-project.org/#/c/235998/ | Patch, Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
cve@mitre.org | https://usn.ubuntu.com/4003-1/ | ||
cve@mitre.org | https://www.debian.org/security/2019/dsa-4374 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2135 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3390 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/#/c/235998/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4003-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4374 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
opensuse | leap | 15.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "09F12149-EFFA-4F50-948E-DBDEE0486972", "versionEndExcluding": "5.11.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault." }, { "lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen GIF mal formada provoca una desreferencia de puntero NULL en QGifHandler, lo que resulta en un fallo de segmentaci\u00f3n." 
} ], "id": "CVE-2018-19870", "lastModified": "2024-11-21T03:58:43.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-26T21:29:02.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/235998/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, 
{ "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://codereview.qt-project.org/#/c/235998/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4003-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4374" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:58
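Severity: 5.5 MEDIUM (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; NVD primary score for CVE-2018-19872). CVSS v2 base score: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:N/A:P).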
Summary
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Patch, Vendor Advisory | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://bugreports.qt.io/browse/QTBUG-69449 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/ | ||
cve@mitre.org | https://usn.ubuntu.com/4275-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-69449 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4275-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qt | qt | 5.11.0 | |
opensuse | leap | 15.0 | |
fedoraproject | fedora | 28 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C6827E6-7B15-423D-89C2-46B5E2D35961", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp." }, { "lang": "es", "value": "Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una divisi\u00f3n entre cero y un cierre inesperado en qppmhandler.cpp." 
} ], "id": "CVE-2018-19872", "lastModified": "2024-11-21T03:58:43.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:00:32.953", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4275-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugreports.qt.io/browse/QTBUG-69449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4275-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-20 07:15
Modified
2024-11-21 08:11
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; NVD primary score for CVE-2023-37369).
Summary
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugreports.qt.io/browse/QTBUG-114829 | Exploit | |
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/455027 | Patch | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugreports.qt.io/browse/QTBUG-114829 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/455027 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/ |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048", "versionEndExcluding": "5.15.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "226FFAAF-14BA-4B15-A7DC-40E7CE23947B", "versionEndExcluding": "6.5.2", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length." 
} ], "id": "CVE-2023-37369", "lastModified": "2024-11-21T08:11:35.890", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-20T07:15:08.963", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://bugreports.qt.io/browse/QTBUG-114829" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/455027" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugreports.qt.io/browse/QTBUG-114829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/455027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3JR3N3IF5MUSETGYE46OZFOGGPY3VZT/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZK7EDD4ILPPSQAYO54FANUC4NFYLTHU/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-28 23:15
Modified
2024-11-21 08:04
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; NVD primary score for CVE-2023-32763).
Summary
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://codereview.qt-project.org/c/qt/qtbase/+/476125 | Patch | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | ||
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
cve@mitre.org | https://lists.qt-project.org/pipermail/announce/2023-May/000413.html | Mailing List, Patch | |
cve@mitre.org | https://security.gentoo.org/glsa/202402-03 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://codereview.qt-project.org/c/qt/qtbase/+/476125 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.qt-project.org/pipermail/announce/2023-May/000413.html | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202402-03 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F5F946-5DD7-4F8D-8171-83BB0D9C5048", "versionEndExcluding": "5.15.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "513DDB0D-A132-4046-8B49-D2776E585826", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "116DC3F0-630E-43F6-AD19-0ABB41CF3D70", "versionEndExcluding": "6.5.1", "versionStartIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered." } ], "id": "CVE-2023-32763", "lastModified": "2024-11-21T08:04:00.213", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-28T23:15:09.620", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476125" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": 
"https://lists.qt-project.org/pipermail/announce/2023-May/000413.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202402-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/476125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://lists.qt-project.org/pipermail/announce/2023-May/000413.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-03" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-16 00:55
Modified
2025-04-11 00:51
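Severity: 9.3 HIGH (CVSS v2, AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary score for CVE-2011-3193; the record carries no CVSS v3 metric).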
Summary
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 | Patch, Third Party Advisory | |
secalert@redhat.com | http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 | Patch, Third Party Advisory | |
secalert@redhat.com | http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 | Patch, Vendor Advisory | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1323.html | Third Party Advisory | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1324.html | Third Party Advisory | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1325.html | Third Party Advisory | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1326.html | Third Party Advisory | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1327.html | Third Party Advisory | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2011-1328.html | Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/41537 | Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46117 | Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46118 | Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46119 | Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46128 | Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46371 | Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/46410 | Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/49895 | Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/08/22/6 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/08/24/8 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/08/25/1 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.osvdb.org/75652 | Broken Link | |
secalert@redhat.com | http://www.securityfocus.com/bid/49723 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1504-1 | Third Party Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/69991 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://hermes.opensuse.org/messages/12056605 | Broken Link | |
secalert@redhat.com | https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1323.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1324.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1325.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1326.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1327.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2011-1328.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41537 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46117 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46118 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46119 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46128 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46371 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46410 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49895 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/08/22/6 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/08/24/8 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/08/25/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/75652 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49723 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1504-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/69991 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/12056605 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c | Broken Link |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | pango | * | |
qt | qt | * | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.04 | |
redhat | enterprise_linux_desktop | 4.0 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 6.1 | |
redhat | enterprise_linux_server | 4.0 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 4.0 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
opensuse | opensuse | 11.3 | |
opensuse | opensuse | 11.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*", "matchCriteriaId": "933243F1-16BB-40A7-8F91-675FACE96F76", "versionEndExcluding": "1.25.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E702DDB3-3A75-44E7-B458-1000C82ECC63", "versionEndExcluding": "4.7.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BEEC943-452C-4A19-B492-5EC8ADE427CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file." }, { "lang": "es", "value": "Desbordamiento de buffer de memoria din\u00e1mica en la funci\u00f3n Lookup_MarkMarkPos del m\u00f3dulo HarfBuzz (harfbuzz-gpos.c), tal como se usa en Qt anteriores a 4.7.4 y Pango. Permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de fuentes modificado." 
} ], "id": "CVE-2011-3193", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-16T00:55:03.297", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2011-1325.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41537" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46117" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46118" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46119" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46128" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46371" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/75652" }, { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/49723" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/41537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/46410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/49895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2011/08/24/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/75652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/49723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1504-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://hermes.opensuse.org/messages/12056605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-12 17:15
Modified
2024-11-21 07:26
Severity ?
Summary
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qt:qt:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B80CA217-D896-4BCF-B385-582CDF21DAD6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un c\u00f3digo JavaScript especialmente manipulado puede desencadenar un acceso a la memoria fuera de los l\u00edmites, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. La aplicaci\u00f3n de destino necesitar\u00eda acceder a una p\u00e1gina web maliciosa para activar esta vulnerabilidad." 
} ], "id": "CVE-2022-43591", "lastModified": "2024-11-21T07:26:50.243", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-12T17:15:09.523", "references": [ { "source": "talos-cna@cisco.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650" } ], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "talos-cna@cisco.com", "type": "Primary" } ] }