CVE-2022-40983 — Integer Overflow or Wraparound in Project QT

CWE-190 — Integer Overflow or Wraparound6 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 30.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Qt6-declarative Debian Qtdeclarative-opensource-src Debian Qtdeclarative-opensource-src-gles +2 more

Timeline

PublishedJan 12

Latest updateJan 13

Description

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5qt_project/qt6.3.2.

▶debiandebian/qt6-declarative< qt6-declarative 6.4.2+dfsg~rc1-2 (bookworm)

▶debiandebian/qtdeclarative-opensource-src< qt6-declarative 6.4.2+dfsg~rc1-2 (bookworm)

▶debiandebian/qtdeclarative-opensource-src-gles< qt6-declarative 6.4.2+dfsg~rc1-2 (bookworm)

▶NVDqt/qt6.3.2

🔴Vulnerability Details

OSV

CVE-2022-40983: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6↗2023-01-12

▶

GHSA

GHSA-32ph-rfjm-xcxh: An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6↗2023-01-12

▶

📋Vendor Advisories

Debian

CVE-2022-40983: qt6-declarative - An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt P...↗2022

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML↗2023-01-13

▶

Talos

Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML↗2023-01-13

▶