Vulnerabilities (CVE)

Filtered by vendor Qt Subscribe
Filtered by product Qt
Total 54 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-0570 2 Qt, Redhat 2 Qt, Enterprise Linux 2024-02-28 4.4 MEDIUM 7.3 HIGH
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVE-2020-13962 4 Fedoraproject, Mumble, Opensuse and 1 more 4 Fedora, Mumble, Leap and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
CVE-2020-17507 3 Debian, Fedoraproject, Qt 3 Debian Linux, Fedora, Qt 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CVE-2020-12267 1 Qt 1 Qt 2024-02-28 7.5 HIGH 9.8 CRITICAL
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
CVE-2015-9541 2 Fedoraproject, Qt 2 Fedora, Qt 2024-02-28 5.0 MEDIUM 7.5 HIGH
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVE-2018-21035 1 Qt 1 Qt 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVE-2018-19872 3 Fedoraproject, Opensuse, Qt 3 Fedora, Leap, Qt 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
CVE-2018-19873 3 Debian, Opensuse, Qt 3 Debian Linux, Leap, Qt 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVE-2018-15518 3 Debian, Opensuse, Qt 3 Debian Linux, Leap, Qt 2024-02-28 6.8 MEDIUM 8.8 HIGH
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVE-2018-19869 2 Opensuse, Qt 2 Leap, Qt 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVE-2018-19870 3 Debian, Opensuse, Qt 3 Debian Linux, Leap, Qt 2024-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVE-2018-19865 2 Opensuse, Qt 2 Leap, Qt 2024-02-28 5.0 MEDIUM 7.5 HIGH
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVE-2018-19871 2 Opensuse, Qt 2 Leap, Qt 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVE-2017-10904 1 Qt 1 Qt 2024-02-28 7.5 HIGH 9.8 CRITICAL
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2015-1290 3 Google, Opensuse, Qt 3 Chrome, Leap, Qt 2024-02-28 9.3 HIGH 8.8 HIGH
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CVE-2017-10905 1 Qt 1 Qt 2024-02-28 6.8 MEDIUM 5.3 MEDIUM
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
CVE-2017-15011 1 Qt 1 Qt 2024-02-28 5.0 MEDIUM 7.5 HIGH
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
CVE-2015-1860 3 Digia, Fedoraproject, Qt 3 Qt, Fedora, Qt 2024-02-28 6.8 MEDIUM N/A
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
CVE-2015-1858 3 Digia, Fedoraproject, Qt 3 Qt, Fedora, Qt 2024-02-28 6.8 MEDIUM N/A
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
CVE-2015-7298 2 Owncloud, Qt 2 Owncloud Desktop Client, Qt 2024-02-28 5.1 MEDIUM N/A
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.