QT : Security Vulnerabilities, CVEs, (Memory corruption)
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-04-11
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
Max CVSS
5.5
EPSS Score
0.09%
Published
2022-01-01
Updated
2023-08-23
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
Max CVSS
7.5
EPSS Score
0.39%
Published
2021-08-12
Updated
2024-02-03
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
Max CVSS
9.8
EPSS Score
0.49%
Published
2020-04-27
Updated
2023-01-27
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
Max CVSS
5.7
EPSS Score
0.05%
Published
2020-11-23
Updated
2023-09-12
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
Max CVSS
8.8
EPSS Score
0.57%
Published
2018-12-26
Updated
2020-09-28
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
Max CVSS
6.5
EPSS Score
0.66%
Published
2018-12-26
Updated
2020-11-02
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Max CVSS
8.8
EPSS Score
1.48%
Published
2018-12-26
Updated
2020-09-28
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
Max CVSS
6.8
EPSS Score
4.17%
Published
2015-05-12
Updated
2021-06-16
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
Max CVSS
6.8
EPSS Score
3.32%
Published
2015-05-12
Updated
2021-06-16
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
Max CVSS
6.8
EPSS Score
3.32%
Published
2015-05-12
Updated
2021-06-16
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
Max CVSS
9.3
EPSS Score
1.68%
Published
2018-01-09
Updated
2018-02-02
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
Max CVSS
4.3
EPSS Score
1.47%
Published
2014-05-08
Updated
2021-06-16
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Max CVSS
9.3
EPSS Score
2.16%
Published
2012-06-16
Updated
2021-07-14
14 vulnerabilities found