Unrated severityNVD Advisory· Published Feb 16, 2022· Updated Aug 3, 2024
CVE-2022-25255
CVE-2022-25255
Description
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Affected products
21- Qt/Qtdescription
- osv-coords20 versionspkg:rpm/almalinux/qt5pkg:rpm/almalinux/qt5-develpkg:rpm/almalinux/qt5-rpm-macrospkg:rpm/almalinux/qt5-srpm-macrospkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qt6-base&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qutebrowser&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Server%204.1
< 5.15.3-1.el9+ 19 more
- (no CPE)range: < 5.15.3-1.el9
- (no CPE)range: < 5.15.3-1.el8
- (no CPE)range: < 5.15.3-1.el8
- (no CPE)range: < 5.15.3-1.el8
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.15.2+kde294-4.1
- (no CPE)range: < 6.2.3-2.1
- (no CPE)range: < 2.5.0-1.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
- (no CPE)range: < 5.12.7-4.17.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- codereview.qt-project.org/c/qt/qtbase/+/393113mitrex_refsource_MISC
- codereview.qt-project.org/c/qt/qtbase/+/394914mitrex_refsource_MISC
- codereview.qt-project.org/c/qt/qtbase/+/396020mitrex_refsource_MISC
- download.qt.io/official_releases/qt/5.15/qprocess5-15.diffmitrex_refsource_MISC
- download.qt.io/official_releases/qt/6.2/qprocess6-2.diffmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.