Qt: Security Vulnerabilities
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
CVSS Score
8.6
EPSS Score
0.005
Published
2020-02-28
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
CVSS Score
7.5
EPSS Score
0.009
Published
2020-01-24
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
CVSS Score
4.3
EPSS Score
0.017
Published
2019-10-23
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-03-21
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVSS Score
8.8
EPSS Score
0.022
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-26
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVSS Score
9.8
EPSS Score
0.082
Published
2018-12-26
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVSS Score
8.8
EPSS Score
0.021
Published
2018-12-26
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-12-05