In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVSS Score
8.6
EPSS Score
0.004
Published
2020-02-28
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVSS Score
8.8
EPSS Score
0.026
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVSS Score
6.5
EPSS Score
0.015
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVSS Score
9.8
EPSS Score
0.134
Published
2018-12-26
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CVSS Score
8.8
EPSS Score
0.011
Published
2018-01-09
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CVSS Score
4.3
EPSS Score
0.011
Published
2014-05-08
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVSS Score
9.3
EPSS Score
0.04
Published
2012-06-16
Page 2