Qt: Security Vulnerabilities, CVEs, CVSS score >= 9
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Max CVSS: 9.8; EPSS Score: 0.08%; Published: 2023-12-24; Updated: 2024-01-04
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
Max CVSS: 9.8; EPSS Score: 0.49%; Published: 2020-04-27; Updated: 2023-01-27
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Max CVSS: 9.8; EPSS Score: 0.77%; Published: 2018-12-26; Updated: 2020-09-28
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Max CVSS: 9.8; EPSS Score: 0.32%; Published: 2017-12-16; Updated: 2017-12-28
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
Max CVSS: 9.3; EPSS Score: 1.68%; Published: 2018-01-09; Updated: 2018-02-02
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
Max CVSS: 9.3; EPSS Score: 4.78%; Published: 2012-06-16; Updated: 2021-06-16
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Max CVSS: 9.3; EPSS Score: 2.16%; Published: 2012-06-16; Updated: 2021-07-14
7 vulnerabilities found