CVE Daily
← All tags

Tag: Qt

All CVEs associated with "Qt". Page 1/2 • 165 CVEs.

About “Qt”

A curated feed of “Qt”-related CVEs appears below. We currently track 165 CVEs for this tag (all time). In the last 365 days, 11 were published. Average CVSS is 6.6 (all time; 6.0 over 365d), and 43% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-20 - Improper Input Validation, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-913 - Improper Control of Dynamically-Managed Code Resources.

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: qt

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestExtended SupportEOLLTS
6.116.11.1 Soon
6.106.10.3 Expired
6.96.9.3 Expired
6.86.8.3 ExpiredLTS
6.76.7.3 Expired
6.66.6.3 Expired
6.56.5.8 ExpiredLTS
6.46.4.3 Expired
6.36.3.2 Expired
6.26.2.4 ExpiredLTS
6.16.1.3 Expired
6.06.0.4 Expired
5.155.15.17 ExpiredLTS
5.145.14.2Unavailable Expired
5.135.13.2Unavailable Expired
5.125.12.12Unavailable ExpiredLTS
5.95.9.9Unavailable Expired
5.65.6.3Unavailable ExpiredLTS
4.84.8.7Unavailable ExpiredLTS

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Qt”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-22
Critical

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt d…

CVSS: 9.3 CWE: CWE-913 - Improper Control of Dynamically-Managed Code Resources View on NVD
2026-05-19
Low

CVE-2025-14575

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted syste…

CVSS: 1.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2026-05-06
High

CVE-2026-6210

A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id at…

CVSS: 8.7 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2026-04-30
High

CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2026-01-22
High

CVE-2025-69003

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-12-03
High

CVE-2025-12385

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 3…

CVSS: 8.7 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-10-31
Low

CVE-2025-23050

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.

CVSS: 3.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2025-10-16
Critical

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from…

CVSS: 9.2 CWE: CWE-459 - Incomplete Cleanup View on NVD
2025-07-11
Low

CVE-2025-5992

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QC…

CVSS: 2.3 CWE: CWE-20 - Improper Input Validation View on NVD
2025-06-11
Low

CVE-2025-5991

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a…

CVSS: 2.1 CWE: CWE-416 - Use After Free View on NVD
2025-06-05
Medium

CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fi…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-06-02
High

CVE-2025-5455

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed…

CVSS: 8.4 CWE: CWE-20 - Improper Input Validation View on NVD
2025-05-16
High

CVE-2025-4211

Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2025-04-11
Medium

CVE-2025-3512

There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This i…

CVSS: 4.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2025-03-21
Medium

CVE-2025-30348

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

CVSS: 5.8 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
2024-12-12
Critical

CVE-2024-47597

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-11-22
High

CVE-2024-30376

Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2024-11-18
Medium

CVE-2024-52918

Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-10-15
Critical

CVE-2024-48779

An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the…

CVSS: 9.8 CWE: N/A View on NVD
2024-10-09
Medium

CVE-2023-45872

An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document…

CVSS: 6.5 CWE: N/A View on NVD
2024-07-15
High

CVE-2024-36432

An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4.

CVSS: 7.5 CWE: CWE-1246 - Improper Write Handling in Limited-write Non-Volatile Memories View on NVD
2024-07-04
High

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an est…

CVSS: 8.6 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2024-05-18
Critical

CVE-2024-36048

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which m…

CVSS: 9.8 CWE: CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) View on NVD
2024-03-27
Medium

CVE-2023-45935

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application sh…

CVSS: 4.2 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-25580

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occu…

CVSS: 6.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-03-24
Medium

CVE-2024-30161

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

CVSS: 6.5 CWE: CWE-416 - Use After Free View on NVD
2023-12-24
Critical

CVE-2023-51714

An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incor…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2023-12-14
High

CVE-2023-42801

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d…

CVSS: 7.6 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2023-09-18
Medium

CVE-2023-43114

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addA…

CVSS: 5.5 CWE: N/A View on NVD
2023-08-20
High

CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefi…

CVSS: 7.5 CWE: N/A View on NVD
2023-08-11
Medium

CVE-2021-28025

Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2023-08-09
Medium

CVE-2023-37856

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration di…

CVSS: 4.3 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
Medium

CVE-2023-37855

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt bro…

CVSS: 4.3 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
2023-07-13
High

CVE-2023-38197

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2023-06-05
Medium

CVE-2023-34410

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configur…

CVSS: 5.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
2023-05-28
High

CVE-2023-32763

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be trigger…

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2023-32762

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted c…

CVSS: 5.3 CWE: N/A View on NVD
2023-05-22
Medium

CVE-2023-33285

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-05-10
Medium

CVE-2023-32573

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.

CVSS: 6.5 CWE: CWE-369 - Divide By Zero View on NVD
2023-04-15
High

CVE-2023-24607

Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8,…

CVSS: 7.5 CWE: N/A View on NVD
2023-02-20
Low

CVE-2014-125088

A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of th…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-01-12
High

CVE-2022-43591

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitr…

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2022-40983

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which ca…

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2022-11-18
High

CVE-2022-31694

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2022-08-22
High

CVE-2021-3481

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2022-07-18
High

CVE-2022-34902

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2022-03-02
High

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-02-16
High

CVE-2022-25255

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.

CVSS: 7.8 CWE: N/A View on NVD
2022-01-18
High

CVE-2022-21690

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the reques…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2022-21688

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were fou…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2022-01-01
Medium

CVE-2021-45930

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipp…

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2021-08-12
High

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2021-08-09
High

CVE-2020-24742

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

CVSS: 7.8 CWE: N/A View on NVD
2021-08-02
Critical

CVE-2021-24472

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will…

CVSS: 9.8 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2021-02-04
Critical

CVE-2021-3401

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated…

CVSS: 9.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2020-09-18
High

CVE-2020-3979

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not require…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-09-14
High

CVE-2020-0570

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

CVSS: 7.3 CWE: CWE-426 - Untrusted Search Path View on NVD
2020-09-13
High

CVE-2020-25291

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/pa…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2020-08-29
High

CVE-2020-24972

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line o…

CVSS: 8.8 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
2020-08-12
Medium

CVE-2020-17507

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2020-06-09
High

CVE-2020-13962

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors le…

CVSS: 7.5 CWE: N/A View on NVD
2020-04-27
Critical

CVE-2020-12267

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
2020-04-07
Medium

CVE-2016-11034

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Sam…

CVSS: 6.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2016-11052

An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-51…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2020-03-12
Medium

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.

CVSS: 5.3 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
Medium

CVE-2017-18350

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server re…

CVSS: 5.9 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2015-3641

bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.

CVSS: 7.5 CWE: N/A View on NVD
2020-02-28
High

CVE-2018-21035

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of serv…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2020-01-24
High

CVE-2015-9541

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

CVSS: 7.5 CWE: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') View on NVD
2019-10-23
Medium

CVE-2019-18281

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an a…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2019-09-05
High

CVE-2019-15947

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's…

CVSS: 7.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2019-06-14
High

CVE-2019-12828

An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Orig…

CVSS: 8.8 CWE: CWE-19 View on NVD
2019-04-19
High

CVE-2019-11351

TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.

CVSS: 8.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2019-03-21
Medium

CVE-2018-19872

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

CVSS: 5.5 CWE: CWE-369 - Divide By Zero View on NVD
2018-12-26
Critical

CVE-2018-19873

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-19871

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2018-19870

An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.

CVSS: 8.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2018-19869

An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-15518

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.

CVSS: 8.8 CWE: CWE-415 - Double Free View on NVD
2018-12-07
Medium

CVE-2018-5815

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple Q…

CVSS: 6.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2018-12-05
High

CVE-2018-19865

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

CVSS: 7.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2018-09-19
High

CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitabl…

CVSS: 7.5 CWE: N/A View on NVD
2018-03-15
Medium

CVE-2017-18238

An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of servi…

CVSS: 5.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2018-02-08
High

CVE-2012-5360

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2018-01-09
High

CVE-2015-1290

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrar…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-12-16
Medium

CVE-2017-10905

A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.

CVSS: 5.3 CWE: N/A View on NVD
Critical

CVE-2017-10904

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2017-10-04
High

CVE-2017-15011

The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an uns…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-09-20
High

CVE-2015-1329

Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2017-07-25
High

CVE-2015-1332

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute a…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-03-07
Medium

CVE-2016-10040

Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-02-28
High

CVE-2016-2521

Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gai…

CVSS: 7.8 CWE: CWE-264 View on NVD
2015-10-26
Medium

CVE-2015-7298

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote…

CVSS: 5.1 CWE: N/A View on NVD
2015-07-03
Medium

CVE-2015-3669

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability th…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-3668

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-3667

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-3666

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-3665

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability th…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-3664

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability th…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-3663

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-3662

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-3661

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2015-05-12
Medium

CVE-2015-1860

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possib…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-1859

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fa…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-1858

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash)…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2015-03-25
Medium

CVE-2015-0295

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and cr…

CVSS: 5.0 CWE: CWE-189 View on NVD
2014-11-16
Medium

CVE-2014-3756

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is tre…

CVSS: 5.0 CWE: CWE-19 View on NVD
Medium

CVE-2014-3755

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image…

CVSS: 5.0 CWE: CWE-399 View on NVD
2014-09-19
Medium

CVE-2014-4350

Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1391

QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-05-08
Medium

CVE-2014-0190

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.

CVSS: 4.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2013-12-23
Medium

CVE-2013-4549

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2013-10-23
Medium

CVE-2013-4422

SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in…

CVSS: 6.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2013-09-10
Medium

CVE-2013-5700

The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of…

CVSS: 5.0 CWE: CWE-189 View on NVD
2013-08-02
Medium

CVE-2013-4627

Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2013-3220

bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an exces…

CVSS: 6.4 CWE: CWE-399 View on NVD
Medium

CVE-2013-3219

bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a…

CVSS: 5.0 CWE: CWE-264 View on NVD
2013-03-12
Medium

CVE-2013-2293

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attacker…

CVSS: 5.0 CWE: CWE-399 View on NVD
High

CVE-2013-2292

bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multip…

CVSS: 7.8 CWE: CWE-399 View on NVD
Medium

CVE-2013-2273

bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox