Skip to main content

Qt

42 CVEs product

Monthly

CVE-2025-14576 HIGH PATCH This Week

Code injection in Qt SVG module allows attackers to execute arbitrary QML/JavaScript when applications load malicious SVG files through Qt Quick's VectorImage component. Exploitation requires local file access and user interaction (opening crafted SVG). While QML execution is more restricted than native code, attackers can still trigger denial of service, exfiltrate application data, or manipulate UI logic depending on the victim application's privilege context. No active exploitation confirmed (not in CISA KEV), but patch available from Qt Project reduces urgency for immediate emergency response.

Code Injection RCE Information Disclosure Denial Of Service Qt
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2025-5683 MEDIUM PATCH This Month

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.

Denial Of Service Ubuntu Debian Qt Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-30348 MEDIUM PATCH This Month

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Suse
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-36048 CRITICAL PATCH Act Now

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Fedora
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25580 MEDIUM PATCH This Month

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qt
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-30161 MEDIUM PATCH This Month

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Qt
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-51714 CRITICAL PATCH Act Now

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Debian Linux Qt
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-43114 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Qt
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37369 HIGH POC PATCH This Week

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Qt Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-38197 HIGH PATCH This Week

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qt
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-34410 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Fedora Qt
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-32763 HIGH PATCH This Week

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qt
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-32762 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Qt
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-33285 MEDIUM This Month

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qt
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-32573 MEDIUM PATCH This Month

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-24607 HIGH PATCH This Week

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-25634 HIGH PATCH This Week

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Qt
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-38593 HIGH PATCH This Week

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Qt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-0569 MEDIUM PATCH This Month

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Microsoft Buffer Overflow Memory Corruption Intel +15
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2020-0570 HIGH POC PATCH This Week

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Qt Enterprise Linux
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2020-17507 MEDIUM PATCH This Month

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qt Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
3.9%
CVE-2020-13962 HIGH POC PATCH This Week

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

OpenSSL Denial Of Service Mumble Qt Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-12267 CRITICAL POC PATCH Act Now

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Qt
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2018-19873 CRITICAL PATCH Act Now

An issue was discovered in Qt before 5.11.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qt Backports Leap Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2018-19871 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qt Leap
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19870 HIGH PATCH This Week

An issue was discovered in Qt before 5.11.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qt Debian Linux Leap
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-19869 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-15518 HIGH PATCH This Week

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Debian Linux Leap
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-19865 HIGH PATCH This Week

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-10905 MEDIUM This Month

A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qt
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-10904 CRITICAL Act Now

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Command Injection Qt
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-15011 HIGH This Week

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Qt
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-7298 MEDIUM This Month

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Owncloud Desktop Client Qt
NVD
CVSS 2.0
5.1
EPSS
0.2%
CVE-2015-1860 MEDIUM PATCH This Month

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Fedora Qt
NVD
CVSS 2.0
6.8
EPSS
6.4%
CVE-2015-1859 MEDIUM PATCH This Month

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Fedora Qt
NVD
CVSS 2.0
6.8
EPSS
4.4%
CVE-2015-1858 MEDIUM PATCH This Month

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Qt Fedora
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2015-0295 MEDIUM This Month

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fedora Opensuse Qt
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2014-0190 MEDIUM This Month

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Null Pointer Dereference Qt Fedora Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2013-4549 MEDIUM This Month

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qt
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2012-6093 MEDIUM This Month

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure Qt Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
2.3%
CVE-2012-5624 MEDIUM This Month

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Qt Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
1.9%
CVE-2013-0254 LOW PATCH Monitor

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments,. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity.

Privilege Escalation Qt
NVD
CVSS 2.0
3.6
EPSS
0.1%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Code injection in Qt SVG module allows attackers to execute arbitrary QML/JavaScript when applications load malicious SVG files through Qt Quick's VectorImage component. Exploitation requires local file access and user interaction (opening crafted SVG). While QML execution is more restricted than native code, attackers can still trigger denial of service, exfiltrate application data, or manipulate UI logic depending on the victim application's privilege context. No active exploitation confirmed (not in CISA KEV), but patch available from Qt Project reduces urgency for immediate emergency response.

Code Injection RCE Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.

Denial Of Service Ubuntu Debian +3
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Suse
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Fedora
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qt
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Debian Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Qt
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Qt Debian Linux
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qt
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Fedora +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qt
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Qt
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qt
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Enterprise Linux
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qt
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Qt
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Qt +1
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Microsoft Buffer Overflow +17
NVD
EPSS 1% CVSS 7.3
HIGH POC PATCH This Week

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Qt Enterprise Linux
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qt +2
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

OpenSSL Denial Of Service Mumble +3
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Qt before 5.11.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qt Backports +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qt Leap
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Qt before 5.11.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qt +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Debian Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Qt
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Command Injection Qt
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Qt
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Owncloud Desktop Client Qt
NVD
EPSS 6% CVSS 6.8
MEDIUM PATCH This Month

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 4% CVSS 6.8
MEDIUM PATCH This Month

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fedora Opensuse +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Null Pointer Dereference Qt +3
NVD
EPSS 5% CVSS 5.0
MEDIUM This Month

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qt
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure Qt +2
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Qt Ubuntu Linux
NVD
EPSS 0% CVSS 3.6
LOW PATCH Monitor

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments,. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity.

Privilege Escalation Qt
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy