CVE-2023-24607
https://notcve.org/view.php?id=CVE-2023-24607
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. • https://codereview.qt-project.org/c/qt/qtbase/+/456216 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456217 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/456238 https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin https: •
CVE-2022-25634
https://notcve.org/view.php?id=CVE-2022-25634
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Qt versiones hasta 5.15.8 y versiones 6.x hasta 6.2.3, pueden cargar archivos de biblioteca del sistema desde un directorio de trabajo no deseado • https://codereview.qt-project.org/c/qt/qtbase/+/396440 https://codereview.qt-project.org/c/qt/qtbase/+/396689 https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690 https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-38593 – qt: out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke
https://notcve.org/view.php?id=CVE-2021-38593
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Qt 5.x antes de la versión 5.15.6 y 6.x hasta la versión 6.1.2 tiene una escritura fuera de límites en QOutlineMapper::convertPath (llamada desde QRasterPaintEngine::fill y QPaintEngineEx::stroke) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I https://lists.fedoraproject.org/archives/ • CWE-787: Out-of-bounds Write •
CVE-2020-17507 – qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
https://notcve.org/view.php?id=CVE-2020-17507
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. Se detectó un problema en Qt versiones hasta 5.12.9 y versiones 5.13.x hasta 5.15.x anteriores a 5.15.1. La función read_xbm_body en el archivo gui/image/qxbmhandler.cpp presenta una lectura excesiva del búfer • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html https://codereview.qt-project.org/c/qt/qtbase/+/30843 • CWE-125: Out-of-bounds Read •
CVE-2018-21035 – qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS
https://notcve.org/view.php?id=CVE-2018-21035
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). En Qt versiones hasta 5.14.1, la implementación de WebSocket acepta hasta 2GB para tramas y 2GB para mensajes. Los límites más pequeños no pueden ser configurados. • https://bugreports.qt.io/browse/QTBUG-70693 https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 https://access.redhat.com/security/cve/CVE-2018-21035 https://bugzilla.redhat.com/show_bug.cgi?id=1810964 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •