Qt

Vendor: Qt • 58 CVEs

CVEs (58)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-5683 1Qt 1Qt Oct 15, 2025 Jun 5, 2025 5.1 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5...Show more When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.Show less
CVE-2025-30348 1Qt 1Qt Mar 24, 2025 Mar 21, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
CVE-2024-39936 1Qt 1Qt Nov 29, 2025 Jul 4, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection m...Show more An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..Show less
CVE-2024-36048 2Fedoraproject Qt 2Fedora Qt Nov 4, 2025 May 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessabl...Show more QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.Show less
CVE-2024-25580 1Qt 1Qt Nov 4, 2025 Mar 27, 2024 N/A· v4 6.2 MEDIUM· v3 N/A· v2 An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX i...Show more An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.Show less
CVE-2024-30161 1Qt 1Qt Jun 30, 2025 Mar 24, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
CVE-2023-51714 2Debian Qt 2Debian Linux Qt Mar 20, 2025 Dec 24, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer ov...Show more An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.Show less
CVE-2023-43114 1Qt 1Qt Nov 21, 2024 Sep 18, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromDa...Show more An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.Show less
CVE-2023-37369 2Debian Qt 2Debian Linux Qt Nov 21, 2024 Aug 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a l...Show more In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.Show less
CVE-2021-28025 1Qt 1Qt Nov 21, 2024 Aug 11, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
CVE-2023-38197 1Qt 1Qt Nov 21, 2024 Jul 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
CVE-2023-34410 3Debian FedoraprojectQt 3Debian Linux FedoraQt Mar 20, 2025 Jun 5, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
CVE-2023-32763 1Qt 1Qt Nov 21, 2024 May 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CVE-2023-32762 2Debian Qt 2Debian Linux Qt Mar 5, 2025 May 28, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be esta...Show more An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.Show less
CVE-2023-33285 1Qt 1Qt Nov 21, 2024 May 22, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
CVE-2023-32573 2Qt Redhat 2Enterprise Linux Qt Jan 27, 2025 May 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVE-2023-24607 1Qt 1Qt Nov 21, 2024 Apr 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4....Show more Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.Show less
CVE-2022-43591 1Qt 1Qt Nov 21, 2024 Jan 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. T...Show more A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.Show less
CVE-2022-40983 1Qt 1Qt Nov 21, 2024 Jan 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary c...Show more An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.Show less
CVE-2021-3481 1Qt 1Qt Nov 21, 2024 Aug 22, 2022 N/A· v4 7.1 HIGH· v3 N/A· v2 A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG...Show more A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.Show less

12 3 Next