Qt: >> Qt >> 5.12.11 Security Vulnerabilities
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-05-22
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-10
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-04-15
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-03-02
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-02-16
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
CVSS Score
7.5
EPSS Score
0.007
Published
2021-08-12
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Score
5.7
EPSS Score
0.004
Published
2020-11-23
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVSS Score
8.6
EPSS Score
0.004
Published
2020-02-28
Page 2