rpm package
opensuse/libqt5-qtbase&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweed
Vulnerabilities (21)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5455 | Hig | — | < 5.15.17+kde122-2.1 | 5.15.17+kde122-2.1 | Jun 2, 2025 | An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a val | |
| CVE-2024-39936 | — | < 5.15.14+kde143-1.1 | 5.15.14+kde143-1.1 | Jul 4, 2024 | An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not | ||
| CVE-2024-25580 | — | < 5.15.12+kde151-1.1 | 5.15.12+kde151-1.1 | Mar 27, 2024 | An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. | ||
| CVE-2023-51714 | — | < 5.15.12+kde147-1.1 | 5.15.12+kde147-1.1 | Dec 24, 2023 | An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. | ||
| CVE-2023-43114 | — | < 5.15.11+kde134-1.1 | 5.15.11+kde134-1.1 | Sep 18, 2023 | An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of m | ||
| CVE-2023-37369 | — | < 5.15.11+kde138-3.1 | 5.15.11+kde138-3.1 | Aug 20, 2023 | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. | ||
| CVE-2023-38197 | — | < 5.15.11+kde138-2.1 | 5.15.11+kde138-2.1 | Jul 13, 2023 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. | ||
| CVE-2023-34410 | — | < 5.15.10+kde129-1.1 | 5.15.10+kde129-1.1 | Jun 5, 2023 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | ||
| CVE-2023-32763 | — | < 5.15.9+kde154-1.1 | 5.15.9+kde154-1.1 | May 28, 2023 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. | ||
| CVE-2023-32762 | — | < 5.15.9+kde154-1.1 | 5.15.9+kde154-1.1 | May 28, 2023 | An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This | ||
| CVE-2023-33285 | — | < 5.15.10+kde129-1.1 | 5.15.10+kde129-1.1 | May 22, 2023 | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. | ||
| CVE-2023-24607 | — | < 5.15.8+kde183-1.1 | 5.15.8+kde183-1.1 | Apr 15, 2023 | Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. | ||
| CVE-2022-37434 | — | < 5.15.6+kde177-1.1 | 5.15.6+kde177-1.1 | Aug 5, 2022 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable t | ||
| CVE-2022-27404 | — | < 5.15.6+kde177-1.1 | 5.15.6+kde177-1.1 | Apr 22, 2022 | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. | ||
| CVE-2022-25255 | — | < 5.15.2+kde294-4.1 | 5.15.2+kde294-4.1 | Feb 16, 2022 | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | ||
| CVE-2022-23853 | — | < 5.15.2+kde294-2.1 | 5.15.2+kde294-2.1 | Feb 11, 2022 | The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the direc | ||
| CVE-2020-0570 | — | < 5.15.2+kde222-1.3 | 5.15.2+kde222-1.3 | Sep 14, 2020 | Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | ||
| CVE-2020-17507 | — | < 5.15.2+kde222-1.3 | 5.15.2+kde222-1.3 | Aug 12, 2020 | An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | ||
| CVE-2020-13962 | — | < 5.15.2+kde268-2.1 | 5.15.2+kde268-2.1 | Jun 8, 2020 | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any h | ||
| CVE-2020-12267 | — | < 5.15.2+kde222-1.3 | 5.15.2+kde222-1.3 | Apr 27, 2020 | setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. |
- affected < 5.15.17+kde122-2.1fixed 5.15.17+kde122-2.1
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a val
- CVE-2024-39936Jul 4, 2024affected < 5.15.14+kde143-1.1fixed 5.15.14+kde143-1.1
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not
- CVE-2024-25580Mar 27, 2024affected < 5.15.12+kde151-1.1fixed 5.15.12+kde151-1.1
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
- CVE-2023-51714Dec 24, 2023affected < 5.15.12+kde147-1.1fixed 5.15.12+kde147-1.1
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
- CVE-2023-43114Sep 18, 2023affected < 5.15.11+kde134-1.1fixed 5.15.11+kde134-1.1
An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of m
- CVE-2023-37369Aug 20, 2023affected < 5.15.11+kde138-3.1fixed 5.15.11+kde138-3.1
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
- CVE-2023-38197Jul 13, 2023affected < 5.15.11+kde138-2.1fixed 5.15.11+kde138-2.1
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
- CVE-2023-34410Jun 5, 2023affected < 5.15.10+kde129-1.1fixed 5.15.10+kde129-1.1
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
- CVE-2023-32763May 28, 2023affected < 5.15.9+kde154-1.1fixed 5.15.9+kde154-1.1
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
- CVE-2023-32762May 28, 2023affected < 5.15.9+kde154-1.1fixed 5.15.9+kde154-1.1
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This
- CVE-2023-33285May 22, 2023affected < 5.15.10+kde129-1.1fixed 5.15.10+kde129-1.1
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
- CVE-2023-24607Apr 15, 2023affected < 5.15.8+kde183-1.1fixed 5.15.8+kde183-1.1
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
- CVE-2022-37434Aug 5, 2022affected < 5.15.6+kde177-1.1fixed 5.15.6+kde177-1.1
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable t
- CVE-2022-27404Apr 22, 2022affected < 5.15.6+kde177-1.1fixed 5.15.6+kde177-1.1
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
- CVE-2022-25255Feb 16, 2022affected < 5.15.2+kde294-4.1fixed 5.15.2+kde294-4.1
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
- CVE-2022-23853Feb 11, 2022affected < 5.15.2+kde294-2.1fixed 5.15.2+kde294-2.1
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the direc
- CVE-2020-0570Sep 14, 2020affected < 5.15.2+kde222-1.3fixed 5.15.2+kde222-1.3
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
- CVE-2020-17507Aug 12, 2020affected < 5.15.2+kde222-1.3fixed 5.15.2+kde222-1.3
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
- CVE-2020-13962Jun 8, 2020affected < 5.15.2+kde268-2.1fixed 5.15.2+kde268-2.1
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any h
- CVE-2020-12267Apr 27, 2020affected < 5.15.2+kde222-1.3fixed 5.15.2+kde222-1.3
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
Page 1 of 2