CVE-2023-43114 — Uncontrolled Resource Consumption in QT

CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 84.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

QT Debian Qt6-base Debian Qtbase-opensource-src +1 more

Timeline

PublishedSep 18

Description

An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDqt/qt6.0.0 — 6.2.10+2

▶debiandebian/qt6-base

▶debiandebian/qtbase-opensource-src

▶debiandebian/qtbase-opensource-src-gles

Patches

Patch: codereview.qt-project.org ↗Patch: codereview.qt-project.org ↗

🔴Vulnerability Details

2

GHSA

GHSA-qqpv-296g-7w66: An issue was discovered in Qt before 5↗2023-09-18

▶

OSV

CVE-2023-43114: An issue was discovered in Qt before 5↗2023-09-18

▶

📋Vendor Advisories

2

Red Hat

qt: corrupted font loaded via QFontDatabase::addApplicationFont{FromData] leads to DoS↗2023-09-15

▶

Debian

CVE-2023-43114: qt6-base - An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x throu...↗2023

▶

CVE-2023-43114 — Uncontrolled Resource Consumption | cvebase