CVE-2024-36048 — CVSS 9.8 (critical): QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through…
CVE-2023-51714 — CVSS 9.8 (critical): An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x…
CVE-2017-10904 — CVSS 9.8 (critical): Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2011-3194 — CVSS 9.3 (critical): Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash)…
CVE-2011-3193 — CVSS 9.3 (critical): Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and…
CVE-2022-40983 — CVSS 8.8 (high): An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can…
CVE-2015-1290 — CVSS 8.8 (high): The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause…
CVE-2018-15518 — CVSS 8.8 (high): QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVE-2018-19870 — CVSS 8.8 (high): An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a…
CVE-2022-43591 — CVSS 8.8 (high): A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can…
CVE-2024-39936 — CVSS 8.6 (high): An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before…
CVE-2020-24742 — CVSS 7.8 (high): An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing…
CVE-2022-25255 — CVSS 7.8 (high): In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working…
CVE-2020-13962 — CVSS 7.5 (high): Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can…
CVE-2023-38197 — CVSS 7.5 (high): An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in…
CVE-2023-37369 — CVSS 7.5 (high): In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a…
CVE-2023-32763 — CVSS 7.5 (high): An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside…
CVE-2023-24607 — CVSS 7.5 (high): Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The…
CVE-2022-25634 — CVSS 7.5 (high): Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CVE-2015-9541 — CVSS 7.5 (high): Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a…
CVE-2018-21035 — CVSS 7.5 (high): In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured…
CVE-2017-15011 — CVSS 7.5 (high): The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers…
CVE-2018-19865 — CVSS 7.5 (high): A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVE-2021-38593 — CVSS 7.5 (high): Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill…
CVE-2020-0570 — CVSS 7.3 (high): Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation…
CVE-2021-3481 — CVSS 7.1 (high): A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in…
CVE-2006-4811 — CVSS 6.8 (medium): Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and…
CVE-2015-1858 — CVSS 6.8 (medium): Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers…
CVE-2015-1859 — CVSS 6.8 (medium): Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow…
CVE-2015-1860 — CVSS 6.8 (medium): Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers…
CVE-2023-32573 — CVSS 6.5 (medium): In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is…
CVE-2024-30161 — CVSS 6.5 (medium): In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier…
CVE-2018-19869 — CVSS 6.5 (medium): An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVE-2024-25580 — CVSS 6.2 (medium): An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x…
CVE-2025-30348 — CVSS 5.8 (medium): encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with…
CVE-2020-0569 — CVSS 5.7 (medium): Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of…
CVE-2025-5683 — CVSS 5.5 (medium): When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions…
CVE-2018-19872 — CVSS 5.5 (medium): An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
CVE-2021-28025 — CVSS 5.5 (medium): Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a…
CVE-2023-43114 — CVSS 5.5 (medium): An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font…
CVE-2020-17507 — CVSS 5.3 (medium): An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a…
CVE-2023-32762 — CVSS 5.3 (medium): An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the…
CVE-2017-10905 — CVSS 5.3 (medium): A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified…
CVE-2023-33285 — CVSS 5.3 (medium): An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read…
CVE-2023-34410 — CVSS 5.3 (medium): An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does…
CVE-2015-7298 — CVSS 5.1 (medium): ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the…
CVE-2013-4549 — CVSS 5.0 (medium): QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity…
CVE-2010-2621 — CVSS 5.0 (medium): The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers…
CVE-2009-2700 — CVSS 4.3 (medium): src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject…
CVE-2014-0190 — CVSS 4.3 (medium): The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width…
CVE-2012-5624 — CVSS 4.3 (medium): The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force…
CVE-2010-5076 — CVSS 4.3 (medium): QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might…
CVE-2007-0242 — CVSS 4.3 (medium): The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which…
CVE-2012-6093 — CVSS 4.3 (medium): The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses…
CVE-2013-0254 — CVSS 3.6 (low): The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions…