Qtbase
by Qt
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6338 | | Cri | 0.60 | — | 0.00 | | Oct 16, 2025 | There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2. |
| CVE-2025-5455 | | Hig | 0.55 | — | 0.00 | | Jun 2, 2025 | An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a… |
| CVE-2025-4211 | | Hig | 0.47 | — | 0.00 | | May 16, 2025 | Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the… |
| CVE-2025-3512 | | Med | 0.31 | — | 0.00 | | Apr 11, 2025 | There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be… |
| CVE-2025-5992 | | Low | 0.15 | — | 0.00 | | Jul 11, 2025 | When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from… |
| CVE-2025-5991 | | Low | 0.14 | — | 0.00 | | Jun 11, 2025 | There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and… |
| CVE-2025-14575 | | Low | 0.12 | — | 0.00 | | May 19, 2026 | An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working… |
| CVE-2023-33285 | | | 0.00 | — | 0.01 | | May 22, 2023 | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. |
| CVE-2021-3481 | | | 0.00 | — | 0.01 | | Aug 22, 2022 | A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access.… |
| CVE-2020-0569 | | | 0.00 | — | 0.01 | | Nov 23, 2020 | Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2019-18281 | | | 0.00 | — | 0.02 | | Oct 23, 2019 | An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. |
| CVE-2018-19872 | | | 0.00 | — | 0.01 | | Mar 15, 2019 | An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. |
| CVE-2018-19873 | | | 0.00 | — | 0.03 | | Dec 26, 2018 | An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. |
| CVE-2018-15518 | | | 0.00 | — | 0.03 | | Dec 26, 2018 | QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. |
| CVE-2018-19871 | | | 0.00 | — | 0.02 | | Dec 26, 2018 | An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. |
| CVE-2018-19870 | | | 0.00 | — | 0.02 | | Dec 26, 2018 | An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. |
| CVE-2018-19869 | | | 0.00 | — | 0.02 | | Dec 26, 2018 | An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. |