QT : Security Vulnerabilities, CVEs, CVSS score >= 8
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-12-24
Updated
2024-01-04
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Max CVSS
8.8
EPSS Score
0.25%
Published
2023-01-12
Updated
2023-01-20
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Max CVSS
8.8
EPSS Score
0.25%
Published
2023-01-12
Updated
2023-01-20
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
Max CVSS
9.8
EPSS Score
0.49%
Published
2020-04-27
Updated
2023-01-27
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
Max CVSS
8.6
EPSS Score
0.12%
Published
2020-02-28
Updated
2020-08-24
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Max CVSS
9.8
EPSS Score
0.77%
Published
2018-12-26
Updated
2020-09-28
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
Max CVSS
8.8
EPSS Score
0.57%
Published
2018-12-26
Updated
2020-09-28
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Max CVSS
8.8
EPSS Score
1.48%
Published
2018-12-26
Updated
2020-09-28
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Max CVSS
9.8
EPSS Score
0.32%
Published
2017-12-16
Updated
2017-12-28
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
Max CVSS
9.3
EPSS Score
1.68%
Published
2018-01-09
Updated
2018-02-02
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
Max CVSS
9.3
EPSS Score
4.78%
Published
2012-06-16
Updated
2021-06-16
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Max CVSS
9.3
EPSS Score
2.16%
Published
2012-06-16
Updated
2021-07-14
12 vulnerabilities found