CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25255 – qt: QProcess could execute a binary from the current working directory when not found in the PATH
https://notcve.org/view.php?id=CVE-2022-25255
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. En Qt versiones 5.9.x hasta 5.15.x anteriores a 5.15.9 y versiones 6.x anteriores a 6.2.4 en Linux y UNIX, QProcess podía ejecutar un binario del directorio de trabajo actual cuando no era encontrado en el PATH A flaw was found in qt. The vulnerability occurs due to executing binaries from the current directory when the loading path failed, leading to an uncontrolled path element vulnerability. This flaw allows an attacker to execute malicious executables. • https://codereview.qt-project.org/c/qt/qtbase/+/393113 https://codereview.qt-project.org/c/qt/qtbase/+/394914 https://codereview.qt-project.org/c/qt/qtbase/+/396020 https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff https://access.redhat.com/security/cve/CVE-2022-25255 https://bugzilla.redhat.com/show_bug.cgi?id=2055505 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3481 – qt: Out of bounds read in function QRadialFetchSimd from crafted svg file
https://notcve.org/view.php?id=CVE-2021-3481
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. Se ha encontrado un fallo en Qt. • https://access.redhat.com/security/cve/CVE-2021-3481 https://bugreports.qt.io/browse/QTBUG-91507 https://bugzilla.redhat.com/show_bug.cgi?id=1931444 https://codereview.qt-project.org/c/qt/qtsvg/+/337646 https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38593 – qt: out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke
https://notcve.org/view.php?id=CVE-2021-38593
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Qt 5.x antes de la versión 5.15.6 y 6.x hasta la versión 6.1.2 tiene una escritura fuera de límites en QOutlineMapper::convertPath (llamada desde QRasterPaintEngine::fill y QPaintEngineEx::stroke) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I https://lists.fedoraproject.org/archives/ • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24742
https://notcve.org/view.php?id=CVE-2020-24742
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. Es corregido un problema en Qt versiones 5.14.0, donde la función QPluginLoader intenta cargar plugins relativos al directorio de trabajo, permitiendo a atacantes ejecutar código arbitrario por medio de archivos diseñados • https://codereview.qt-project.org/c/qt/qtbase/+/280730 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-17507 – qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
https://notcve.org/view.php?id=CVE-2020-17507
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. Se detectó un problema en Qt versiones hasta 5.12.9 y versiones 5.13.x hasta 5.15.x anteriores a 5.15.1. La función read_xbm_body en el archivo gui/image/qxbmhandler.cpp presenta una lectura excesiva del búfer • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html https://codereview.qt-project.org/c/qt/qtbase/+/30843 • CWE-125: Out-of-bounds Read •