CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32573 – qt: Uninitialized variable usage in m_unitsPerEm
https://notcve.org/view.php?id=CVE-2023-32573
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm. • https://codereview.qt-project.org/c/qt/qtsvg/+/474093 https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-24607
https://notcve.org/view.php?id=CVE-2023-24607
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. • https://codereview.qt-project.org/c/qt/qtbase/+/456216 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin https: •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40983
https://notcve.org/view.php?id=CVE-2022-40983
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un código JavaScript especialmente manipulado puede provocar un desbordamiento de enteros durante la asignación de memoria, lo que puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43591
https://notcve.org/view.php?id=CVE-2022-43591
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la API QML QtScript Reflect de Qt Project Qt 6.3.2. Un código JavaScript especialmente manipulado puede desencadenar un acceso a la memoria fuera de los límites, lo que puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25634
https://notcve.org/view.php?id=CVE-2022-25634
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Qt versiones hasta 5.15.8 y versiones 6.x hasta 6.2.3, pueden cargar archivos de biblioteca del sistema desde un directorio de trabajo no deseado • https://codereview.qt-project.org/c/qt/qtbase/+/396440 https://codereview.qt-project.org/c/qt/qtbase/+/396689 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690 https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •