rpm package
almalinux/qt5-srpm-macros
pkg:rpm/almalinux/qt5-srpm-macros
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-37369 | — | | | < 5.15.9-1.el9 | 5.15.9-1.el9 | Aug 20, 2023 | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. |
| CVE-2023-38197 | — | | | < 5.15.9-1.el9 | 5.15.9-1.el9 | Jul 13, 2023 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. |
| CVE-2023-34410 | — | | | < 5.15.9-1.el9 | 5.15.9-1.el9 | Jun 5, 2023 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. |
| CVE-2023-33285 | — | | | < 5.15.9-1.el9 | 5.15.9-1.el9 | May 22, 2023 | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. |
| CVE-2023-32573 | — | | | < 5.15.9-1.el9 | 5.15.9-1.el9 | May 10, 2023 | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. |
| CVE-2021-3481 | — | | | < 5.15.2-1.el8 | 5.15.2-1.el8 | Aug 22, 2022 | A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. |
| CVE-2022-25255 | — | | | < 5.15.3-1.el8 | 5.15.3-1.el8 | Feb 16, 2022 | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. |
| CVE-2018-19872 | — | | | < 5.12.5-3.el8 | 5.12.5-3.el8 | Mar 15, 2019 | An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. |
| CVE-2018-19871 | — | | | < 5.12.5-3.el8 | 5.12.5-3.el8 | Dec 26, 2018 | An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. |
| CVE-2018-19869 | — | | | < 5.12.5-3.el8 | 5.12.5-3.el8 | Dec 26, 2018 | An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. |