Search CVE reports
1 – 10 of 356 results
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}, then...
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored |
qtbase-opensource-src | Ignored | Ignored | Ignored | Ignored |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored |
qtbase-opensource-src | Not affected | Vulnerable | Vulnerable | Vulnerable |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
4 affected packages
qt4-x11, qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
qt6-base | Needs evaluation | Needs evaluation | Not in release | Ignored |
qtbase-opensource-src | Not affected | Vulnerable | Vulnerable | Vulnerable |
qtbase-opensource-src-gles | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
Some fixes available 1 of 16
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file...
2 affected packages
qt4-x11, qtsvg-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
qtsvg-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Fixed |
Integer overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2 allows local attackers to cause a denial of service (DoS).
3 affected packages
qt4-x11, qt6-svg, qtsvg-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
qt6-svg | Needs evaluation | Needs evaluation | Not in release | Ignored |
qtsvg-opensource-src | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 1 of 6
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
2 affected packages
qt4-x11, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | Not in release | Not in release | Not in release | Vulnerable |
qtbase-opensource-src | Not affected | Not affected | Vulnerable | Fixed |
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
2 affected packages
qt4-x11, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qt4-x11 | — | — | Not in release | Not affected |
qtbase-opensource-src | — | — | Not affected | Not affected |
Some fixes available 4 of 55
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this...
9 affected packages
chromium, texmaker, qtimageformats-opensource-src, qtwebengine-opensource-src, gdal...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
chromium | Not in release | Not in release | Not in release | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gdal | Not affected | Not affected | Not affected | Not affected |
qt4-x11 | Not in release | Not in release | Not in release | Not affected |
tiff | Not affected | Not affected | Not affected | Fixed |
tiff3 | Not in release | Not in release | Not in release | Not in release |
openjpeg2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 5 of 60
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...
17 affected packages
blender, chromium-browser, ivtools, xloadimage, neuron...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
blender | Not affected | Not affected | Not affected | Not affected |
chromium-browser | Not affected | Not affected | Not in release | Not affected |
ivtools | Not affected | Not affected | Not affected | Not affected |
xloadimage | Not affected | Not affected | Not affected | Not affected |
neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg2 | Not affected | Not affected | Not affected | Not affected |
qt4-x11 | Not in release | Not in release | Not in release | Not affected |
tiff | Not affected | Not affected | Not affected | Fixed |
qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
gdal | Not affected | Not affected | Not affected | Not affected |
libtk-img | Not affected | Not affected | Not affected | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected |
povray | Not affected | Not affected | Not affected | Not affected |
sfftobmp | Not affected | Not affected | Not affected | Not affected |
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
2 affected packages
qtimageformats-opensource-src, qt4-x11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |