CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-17507 – qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
https://notcve.org/view.php?id=CVE-2020-17507
12 Aug 2020 — An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. Se detectó un problema en Qt versiones hasta 5.12.9 y versiones 5.13.x hasta 5.15.x anteriores a 5.15.1. La función read_xbm_body en el archivo gui/image/qxbmhandler.cpp presenta una lectura excesiva del búfer It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted P... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html • CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-21035 – qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS
https://notcve.org/view.php?id=CVE-2018-21035
28 Feb 2020 — In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). En Qt versiones hasta 5.14.1, la implementación de WebSocket acepta hasta 2GB para tramas y 2GB para mensajes. Los límites más pequeños no pueden ser configurados. • https://bugreports.qt.io/browse/QTBUG-70693 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 1CVE-2020-0570 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0570
04 Feb 2020 — Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Una ruta de búsqueda no controlada en QT Library versiones anteriores a 5.14.0, 5.12.7 y 5.9.10, puede permitir a un usuario autenticado habilitar potencialmente una elevación de privilegios por medio un acceso local It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a ... • https://bugreports.qt.io/browse/QTBUG-81272 • CWE-73: External Control of File Name or Path CWE-426: Untrusted Search Path •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19869 – qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-19869
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen SVG mal formada provoca un fallo de segmentación en qsvghandler.cpp. It was discovered that QtSvg incorrectly handled certain malformed SVG images. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19871 – qt5-qtimageformats: QTgaFile CPU exhaustion
https://notcve.org/view.php?id=CVE-2018-19871
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile. The qt packages contain a software toolkit that simplifies the task of writing and maintaining Graphical User Interface applications for the X Window System. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-19870 – qt5-qtbase: QImage allocation failure in qgifhandler
https://notcve.org/view.php?id=CVE-2018-19870
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen GIF mal formada provoca una desreferencia de puntero NULL en QGifHandler, lo que resulta en un fallo de segmentación. It was discovered that Qt incorrectly handled certain XML documents. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-19873 – qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
https://notcve.org/view.php?id=CVE-2018-19873
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. QBmpHandler tiene un desbordamiento de búfer mediante datos BMP. It was discovered that Qt incorrectly handled certain XML documents. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1290
https://notcve.org/view.php?id=CVE-2015-1290
09 Jan 2018 — The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegación de servicio (corrupción de memoria) o ejecuten código arbitrario ... • http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10905
https://notcve.org/view.php?id=CVE-2017-10905
15 Dec 2017 — A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. Una vulnerabilidad en aplicaciones creadas mediante Qt para Android en versiones anteriores a la 5.9.3 permite que atacantes alteren variables del entorno mediante vectores sin especificar. • https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10904
https://notcve.org/view.php?id=CVE-2017-10904
15 Dec 2017 — Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Qt para Android en versiones anteriores a la 5.9.0 permite que los atacantes remotos ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar. • https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •