VYPR

rpm package

almalinux/qt5-qtbase

pkg:rpm/almalinux/qt5-qtbase

Vulnerabilities (11)

  • CVE-2025-5455HigJun 2, 2025
    affected < 5.15.9-11.el9_6fixed 5.15.9-11.el9_6

    An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a val

  • CVE-2024-39936Jul 4, 2024
    affected < 5.15.3-8.el8_10fixed 5.15.3-8.el8_10

    An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not

  • CVE-2024-25580Mar 27, 2024
    affected < 5.15.9-9.el9fixed 5.15.9-9.el9

    An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

  • CVE-2023-51714Dec 24, 2023
    affected < 5.15.9-9.el9fixed 5.15.9-9.el9

    An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

  • CVE-2023-37369Aug 20, 2023
    affected < 5.15.9-7.el9fixed 5.15.9-7.el9

    In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

  • CVE-2023-38197Jul 13, 2023
    affected < 5.15.9-7.el9fixed 5.15.9-7.el9

    An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

  • CVE-2023-34410Jun 5, 2023
    affected < 5.15.9-7.el9fixed 5.15.9-7.el9

    An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

  • CVE-2023-33285May 22, 2023
    affected < 5.15.9-7.el9fixed 5.15.9-7.el9

    An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.

  • CVE-2023-32573May 10, 2023
    affected < 5.15.9-7.el9fixed 5.15.9-7.el9

    In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.

  • CVE-2021-3481Aug 22, 2022
    affected < 5.15.2-3.el8fixed 5.15.2-3.el8

    A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access.

  • CVE-2021-38593Aug 12, 2021
    affected < 5.15.2-4.el8fixed 5.15.2-4.el8

    Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).