Qt: Security Vulnerabilities
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-24
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
CVSS Score
4.3
EPSS Score
0.017
Published
2019-10-23
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-03-21
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVSS Score
8.8
EPSS Score
0.026
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVSS Score
6.5
EPSS Score
0.015
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVSS Score
9.8
EPSS Score
0.134
Published
2018-12-26
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVSS Score
8.8
EPSS Score
0.022
Published
2018-12-26
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-12-05
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CVSS Score
8.8
EPSS Score
0.011
Published
2018-01-09