Search CVE reports
1 – 10 of 355 results
CVE-2023-43114
Medium priorityAn issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then...
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
CVE-2023-37369
Medium priorityIn Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
CVE-2021-28025
Medium priorityInteger Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
3 affected packages
qt4-x11, qt6-svg, qtsvg-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| qt6-svg | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| qtsvg-opensource-src | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-34410
Medium priorityAn issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| qtbase-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
CVE-2021-3481
Low prioritySome fixes available 1 of 14
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file...
2 affected packages
qt4-x11, qtsvg-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| qtsvg-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Fixed | Needs evaluation |
CVE-2020-17507
Low prioritySome fixes available 1 of 6
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
2 affected packages
qt4-x11, qtbase-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| qtbase-opensource-src | Not affected | Not affected | Vulnerable | Fixed | Vulnerable |
CVE-2020-12267
Medium prioritysetMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
2 affected packages
qt4-x11, qtbase-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| qt4-x11 | — | — | Not in release | Not affected | Not affected |
| qtbase-opensource-src | — | — | Not affected | Not affected | Not affected |
CVE-2015-9541
Low priorityQt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
5 affected packages
phantomjs, pyside, pyside2, qt4-x11, qtbase-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| phantomjs | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| pyside | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| pyside2 | Vulnerable | Vulnerable | Vulnerable | Not in release | Needs evaluation |
| qt4-x11 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| qtbase-opensource-src | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2019-17546
Medium prioritySome fixes available 5 of 53
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...
17 affected packages
blender, chromium-browser, gdal, insighttoolkit4, ivtools...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
| gdal | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Not affected |
| ivtools | Not affected | Not affected | Not affected | Not affected | Not affected |
| libtk-img | Not affected | Not affected | Not affected | Not affected | Not affected |
| neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
| povray | Not affected | Not affected | Not affected | Not affected | Not affected |
| qt4-x11 | Not in release | Not in release | Not in release | Not affected | Not affected |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| sfftobmp | Not affected | Not affected | Not affected | Not affected | Not affected |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not affected |
| tiff | Not affected | Not affected | Not affected | Fixed | Fixed |
| xloadimage | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-7663
Medium prioritySome fixes available 4 of 49
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this...
9 affected packages
chromium, gdal, openjpeg2, qt4-x11, qtimageformats-opensource-src...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium | Not in release | Not in release | Not in release | Not in release | Not in release |
| gdal | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| qt4-x11 | Not in release | Not in release | Not in release | Not affected | Not affected |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tiff | Not affected | Not affected | Not affected | Fixed | Fixed |
| tiff3 | Not in release | Not in release | Not in release | Not in release | Not in release |