VYPR

Qt

by Qt

Source repositories

CVEs (22)

  • CVE-2017-10904CriDec 16, 2017
    risk 0.64cvss 9.8epss 0.02

    Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2025-14576HigApr 30, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead…

  • CVE-2017-15011HigOct 4, 2017
    risk 0.49cvss 7.5epss 0.01

    The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.

  • CVE-2017-10905MedDec 16, 2017
    risk 0.34cvss 5.3epss 0.01

    A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.

  • CVE-2023-45935MedMar 27, 2024
    risk 0.27cvss 4.2epss 0.00

    Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X…

  • CVE-2010-2621Jul 2, 2010
    risk 0.04cvss epss 0.11

    The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

  • CVE-2015-1860May 12, 2015
    risk 0.01cvss epss 0.09

    Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

  • CVE-2015-1859May 12, 2015
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.

  • CVE-2015-1858May 12, 2015
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.

  • CVE-2011-3194Jun 16, 2012
    risk 0.01cvss epss 0.07

    Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.

  • CVE-2011-3193Jun 16, 2012
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

  • CVE-2025-30348Mar 21, 2025
    risk 0.00cvss epss 0.00

    encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

  • CVE-2015-7298Oct 26, 2015
    risk 0.00cvss epss 0.01

    ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server…

  • CVE-2014-0190May 8, 2014
    risk 0.00cvss epss 0.04

    The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.

  • CVE-2013-4549Dec 23, 2013
    risk 0.00cvss epss 0.03

    QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

  • CVE-2012-6093Feb 24, 2013
    risk 0.00cvss epss 0.02

    The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when…

  • CVE-2012-5624Feb 24, 2013
    risk 0.00cvss epss 0.02

    The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

  • CVE-2013-0254Feb 6, 2013
    risk 0.00cvss epss 0.00

    The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program…

  • CVE-2010-5076Jun 29, 2012
    risk 0.00cvss epss 0.01

    QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

  • CVE-2009-2700Sep 2, 2009
    risk 0.00cvss epss 0.01

    src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted…

Page 1 of 2