CVE-2017-10905
Description
Vulnerability in Qt for Android prior to 5.9.3 allows remote attackers to alter environment variables, potentially leading to arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability in Qt for Android prior to 5.9.3 allows remote attackers to alter environment variables, potentially leading to arbitrary code execution.
Vulnerability
The vulnerability exists in Qt for Android versions prior to 5.9.3. It allows attackers to alter environment variables of applications created using Qt for Android. The exact vector is unspecified but involves malicious applications on the same device [1][2].
Exploitation
An attacker must have a malicious application installed on the same Android device. The attack requires user interaction (e.g., launching the malicious app) and local access (AV:L). The attacker can alter environment variables of a target Qt application [1].
Impact
Successful exploitation could allow the attacker to alter environment variables, potentially leading to arbitrary code execution within the context of the target application. The impact on confidentiality, integrity, and availability is partial (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) [1].
Mitigation
Update to Qt for Android 5.9.3 or later. Patches are also available for Qt 5.6.3, 5.7.1, and 5.8.0 branches [2]. Users should apply patches provided by the vendor.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <5.9.3
- The Qt Company/Qt for Androidv5Range: prior to 5.9.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- blog.qt.io/blog/2017/11/22/security-advisory-qt-android/nvdIssue TrackingVendor Advisory
- jvn.jp/en/jp/JVN27342829/index.htmlnvdIssue TrackingThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.