CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-9541 – qt: XML entity expansion vulnerability
https://notcve.org/view.php?id=CVE-2015-9541
24 Jan 2020 — Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. Qt versiones hasta 5.14, permite un ataque de expansión de entidad XML exponencial por medio de un documento SVG diseñado que es manejado inapropiadamente en la función QXmlStreamReader, un problema relacionado con el CVE-2003-1564. An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for... • https://bugreports.qt.io/browse/QTBUG-47417 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19872 – qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp
https://notcve.org/view.php?id=CVE-2018-19872
15 Mar 2019 — An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una división entre cero y un cierre inesperado en qppmhandler.cpp. It was discovered that Qt incorrectly handled certain PPM images. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19869 – qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-19869
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen SVG mal formada provoca un fallo de segmentación en qsvghandler.cpp. It was discovered that QtSvg incorrectly handled certain malformed SVG images. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2018-19870 – qt5-qtbase: QImage allocation failure in qgifhandler
https://notcve.org/view.php?id=CVE-2018-19870
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen GIF mal formada provoca una desreferencia de puntero NULL en QGifHandler, lo que resulta en un fallo de segmentación. It was discovered that Qt incorrectly handled certain XML documents. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-19871 – qt5-qtimageformats: QTgaFile CPU exhaustion
https://notcve.org/view.php?id=CVE-2018-19871
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile. The qt packages contain a software toolkit that simplifies the task of writing and maintaining Graphical User Interface applications for the X Window System. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 12%CPEs: 4EXPL: 0CVE-2018-19873 – qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
https://notcve.org/view.php?id=CVE-2018-19873
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. QBmpHandler tiene un desbordamiento de búfer mediante datos BMP. It was discovered that Qt incorrectly handled certain XML documents. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2018-15518 – qt5-qtbase: Double free in QXmlStreamReader
https://notcve.org/view.php?id=CVE-2018-15518
26 Dec 2018 — QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. QXmlStream en Qt 5.x en versiones anteriores a la 5.11.3 tiene una doble liberación (double free) o una corrupción durante el análisis de un documento XML ilegal especialmente manipulado. It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of serv... • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19865
https://notcve.org/view.php?id=CVE-2018-19865
05 Dec 2018 — A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Se ha descubierto un problema de registro de pulsaciones del teclado en Virtual Keyboard en Qt, en versiones 5.7.x, 5.8.x, 5.9.x, 5.10.x y versiones 5.11.x anteriores a la 5.11.3. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-15011
https://notcve.org/view.php?id=CVE-2017-15011
03 Oct 2017 — The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. Las tuberías nombradas en qtsingleapp en QT 5.x, tal y como se usan en qBittorrent y SugarSync, están configuradas para que se puedan acceder de manera remota y permitan que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante una cadena no especif... • https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •