Debian Qt6-Base vulnerabilities
16 known vulnerabilities affecting debian/qt6-base.
Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 5, LOW 3
Vulnerabilities
CVE-2023-51714 | P3 | CRITICAL | CVSS 9.8 | fixed in qt6-base 6.4.2+dfsg-21 (forky) | 2023
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Scope: local
bookworm: open
forky: resolved (fixed in 6.4.2+dfsg-21)
sid: resolved (fixed in 6.4.2+dfsg-21)
trixie: resolved (fix
CVE-2025-5455 | P3 | HIGH | CVSS 8.4 | fixed in qt6-base 6.8.2+dfsg-8 (forky) | 2025
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit
CVE-2023-24607 | P3 | HIGH | CVSS 7.5 | fixed in qt6-base 6.4.2+dfsg-7 (bookworm) | 2023
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
Scope: local
bookworm: resolved (fixed in 6.4.2+dfsg-7)
forky: resolved (fixed in 6.4.2+dfsg-7)
sid: resolved (fixed in 6.4.2+dfsg-7)
trixie: re
CVE-2023-32763 | P3 | HIGH | CVSS 7.5 | fixed in qt6-base 6.4.2+dfsg-8 (bookworm) | 2023
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
Scope: local
bookworm: resolved (fixed in 6.4.2+dfsg-8)
forky: resolved (fixed in 6.4.2+dfsg-8)
sid: resolved (fixed in 6.4.2+dfsg-8)
trixie: resolved (fixed in 6.4
CVE-2022-25255 | P3 | HIGH | CVSS 7.8 | fixed in qt6-base 6.2.4+dfsg-4 (bookworm) | 2022
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Scope: local
bookworm: resolved (fixed in 6.2.4+dfsg-4)
forky: resolved (fixed in 6.2.4+dfsg-4)
sid: resolved (fixed in 6.2.4+dfsg-4)
trixie: resolved (fixed in 6.2.4+dfsg-4)
CVE-2023-37369 | P3 | HIGH | CVSS 7.5 | fixed in qt6-base 6.4.2+dfsg-20 (forky) | 2023
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
Scope: local
bookworm: open
forky: resolved (fixed in 6.4.2+dfsg-20)
sid: resolved (fixed in 6.4.2+dfsg-20)
trixie: resolved (fixed in 6.4.2
CVE-2023-38197 | P3 | HIGH | CVSS 7.5 | fixed in qt6-base 6.6.2+dfsg-8 (forky) | 2023
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
Scope: local
bookworm: open
forky: resolved (fixed in 6.6.2+dfsg-8)
sid: resolved (fixed in 6.6.2+dfsg-8)
trixie: resolved (fixed in 6.6.2+dfsg-8)
CVE-2024-39936 | P4 | HIGH | CVSS 8.6 | fixed in qt6-base 6.8.2+dfsg-5 (forky) | 2024
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
Scope: local
bookworm: open
forky: resolved (fixed in
CVE-2023-32762 | P4 | MEDIUM | CVSS 5.3 | fixed in qt6-base 6.4.2+dfsg-9 (bookworm) | 2023
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
Scope: local
bookwo
CVE-2023-33285 | P4 | MEDIUM | CVSS 5.3 | fixed in qt6-base 6.4.2+dfsg-10 (bookworm) | 2023
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
Scope: local
bookworm: resolved (fixed in 6.4.2+dfsg-10)
forky: resolved (fixed in 6.4.2+dfsg-10)
sid: resolved (fixed in 6.4.2+dfsg-10)
trixie: resolved (fixed in 6.4.2+dfsg-10)
CVE-2023-34410 | P4 | MEDIUM | CVSS 5.3 | fixed in qt6-base 6.4.2+dfsg-11 (forky) | 2023
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
Scope: local
bookworm: open
forky: resolved (fixed in 6.4.2+dfsg-11)
sid: resolved (fixed in 6.4.2+dfsg-11)
trixie: resolved (fixed in 6.4.2+dfsg-1
CVE-2025-30348 | P4 | MEDIUM | CVSS 5.8 | fixed in qt6-base 6.8.2+dfsg-5 (forky) | 2025
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
Scope: local
bookworm: open
forky: resolved (fixed in 6.8.2+dfsg-5)
sid: resolved (fixed in 6.8.2+dfsg-5)
trixie: resolved (fixed in 6.8.2+dfsg-5)
CVE-2024-25580 | P4 | MEDIUM | CVSS 6.2 | fixed in qt6-base 6.6.2+dfsg-8 (forky) | 2024
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
Scope: local
bookworm: open
forky: resolved (fixed in 6.6.2+dfsg-8)
sid: resolved (fixed in 6.6.2+dfsg-8)
trixie: resolved (fixed in 6
CVE-2025-3512 | P4 | LOW | CVSS 4.8 | fixed in qt6-base 6.8.2+dfsg-6 (forky) | 2025
CVE-2025-3512 [MEDIUM] CVE-2025-3512: qt6-base - There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. Th...
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
Scope: local
bookworm: resolved
forky: resolved
CVE-2020-23884 | P4 | LOW | CVSS 5.5 | fixed in qtimageformats-opensource-src 5.15.15-3 (forky) | 2020
CVE-2020-23884 [MEDIUM] CVE-2020-23884: qt6-base - A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of servic...
A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file.
Scope: local
bookworm: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2025-5992 | P4 | LOW | CVSS 2.3 | fixed in qt6-base 6.8.2+dfsg-9 (forky) | 2025
Passing values outside of the expected range to QColorTransferGenericFunction can cause a denial of service; for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3 and from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
Scope: local
bookworm: open
forky: re