rpm package
opensuse/libqt5-qtbase&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.6
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5455 | Hig | — | | < 5.15.12+kde151-150600.3.9.1 | 5.15.12+kde151-150600.3.9.1 | Jun 2, 2025 | An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a val |
| CVE-2025-30348 | | — | | < 5.15.12+kde151-150600.3.9.1 | 5.15.12+kde151-150600.3.9.1 | Mar 21, 2025 | encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). |
| CVE-2024-39936 | | — | | < 5.15.12+kde151-150600.3.6.1 | 5.15.12+kde151-150600.3.6.1 | Jul 4, 2024 | An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not |
| CVE-2023-45935 | Med | 4.2 | | < 5.15.12+kde151-150600.3.6.1 | 5.15.12+kde151-150600.3.6.1 | Mar 27, 2024 | Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server |