rpm package
almalinux/qt5-qttools-static
pkg:rpm/almalinux/qt5-qttools-static
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3481 | — | < 5.15.2-3.el8 | 5.15.2-3.el8 | Aug 22, 2022 | A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. | ||
| CVE-2020-0569 | — | < 5.12.5-2.el8 | 5.12.5-2.el8 | Nov 23, 2020 | Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2020-0570 | — | < 5.12.5-2.el8 | 5.12.5-2.el8 | Sep 14, 2020 | Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | ||
| CVE-2020-13962 | — | < 5.12.5-2.el8 | 5.12.5-2.el8 | Jun 8, 2020 | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any h | ||
| CVE-2018-21035 | — | < 5.12.5-2.el8 | 5.12.5-2.el8 | Feb 28, 2020 | In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | ||
| CVE-2015-9541 | — | < 5.12.5-2.el8 | 5.12.5-2.el8 | Jan 24, 2020 | Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. |
- CVE-2021-3481Aug 22, 2022affected < 5.15.2-3.el8fixed 5.15.2-3.el8
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access.
- CVE-2020-0569Nov 23, 2020affected < 5.12.5-2.el8fixed 5.12.5-2.el8
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2020-0570Sep 14, 2020affected < 5.12.5-2.el8fixed 5.12.5-2.el8
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
- CVE-2020-13962Jun 8, 2020affected < 5.12.5-2.el8fixed 5.12.5-2.el8
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any h
- CVE-2018-21035Feb 28, 2020affected < 5.12.5-2.el8fixed 5.12.5-2.el8
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
- CVE-2015-9541Jan 24, 2020affected < 5.12.5-2.el8fixed 5.12.5-2.el8
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.